A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...
ChatGPhish exploits ChatGPT Markdown rendering to deliver phishing content from summarized web pages, increasing AI attack surfaces.
With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
Google spent nearly a year accepting code contributions from hundreds of independent developers on an open-source AI terminal ...
DeepSWE puts GPT-5.5 atop the AI coding leaderboard while raising new questions about Claude Opus, SWE-Bench Pro, and ...
Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.
On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results