DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...
Opinion

GitHub opts all CLI users into telemetry collection whether they want it or not

Users of GitHub's command-line interface (CLI) who value privacy, beware. The Microsoft-owned code-hosting platform has quietly begun collecting pseudonymous client-side telemetry from CLI users and ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.
The Next Web

GitHub freezes new Copilot sign-ups as agentic AI breaks the economics of flat-rate developer subscriptions

GitHub has paused new Copilot Pro, Pro+, and Student sign-ups as agentic AI workflows generate costs exceeding monthly plan ...
Visual Studio Magazine

VS Code Updates Boost AI Agents, Terminal Control and Copilot Workflow

Across the April 8 and April 15, 2026 releases, Visual Studio Code expanded its agent-focused tooling with a new companion app, better terminal interaction, session debugging and more built-in Copilot ...
Cybernews

Researchers hijack popular AI agents from Anthropic, Google, and Microsoft: vendors choose to stay silent

According to researchers, this is the first public cross-vendor demonstration of a single prompt injection pattern across ...
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.

GitHub invokes spirit of Phabricator with preview of Stacked PRs

GitHub has unveiled Stacked PRs, a new feature aimed at making large pull requests easier to review, manage, and move through ...
New York Post

Three word secret code revealed that would pull Savannah Guthrie off the air

NBC reportedly has a contingency plan in place for “Today” show host Savannah Guthrie — including a three-word phrase — in the event that news breaks live about her mother Nancy’s disappearance while ...