The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
Opinion
Database Trends and ApplicationsOpinion

Chainguard Repository 2.0 Delivers Security and Compliance Updates

Chainguard is expanding Repository with new policy controls, malware and greyware scanning, and support for Java, Python, and container artifacts-helping organizations govern software consumption ...
Tech Times

Karpathy CLAUDE.md Grows to Ten Rules: New Self-Check Protocol for AI Coding Loops

Karpathy CLAUDE.md ten rules: a document attributed to Andrej Karpathy began circulating Friday, adding six agent self-check ...

Claude Code turned every engineer into three. Now companies need more product thinkers

AI compressed the build. Fundamentals matter more, not less, and the product funnel is now where engineers earn their keep.
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
Visual Studio Magazine

Spring AI 2.0 Goes GA, Giving Java Developers a More Mature AI App Stack

Spring AI 2.0 advances the Java framework for generative AI apps with a Spring Boot 4 baseline, cleaner agentic tooling, Model Context Protocol support and vendor-backed integrations including Azure ...
InfoQ

Million PDFs: Building a Modern Document Infrastructure with Rust and Typst

Erik Steiger discusses the operational pain of legacy PDF generation in regulated banking and manufacturing. He explains how ...
InfoWorld

When software developers and AI agents share the learning

When an agent does something, the whole company should learn from it, so that every developer gets access to the shared ...

Qodo Launches Governance Infrastructure for the AI Coding Era

Qodo, the AI code quality and governance platform trusted by Walmart, NVIDIA, Red Hat, and Monday.com, today announced three new platform capabilities: Cross-Repo Code Review, Custom Rules Miner, and ...
Crowdfund Insider

250,000+ Potential Digital Security Issues in GitHub Actions Workflows Identified in New Report

Cybersecurity researchers at Kaspersky have identified more than 250,000 potential security misconfigurations across GitHub Actions workflows in thousands of ...