GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
GitHub secret scanning now extends beyond org-owned repositories: Public Monitoring scans all of GitHub.com in real time, ...
A flaw in Anthropic’s Claude Code GitHub Action let attackers bypass permission checks via a fake bot account and use prompt injection to steal OIDC tokens, gaining write access to any vulnerable ...
Robot skill library ASPIRE — released June 29 by NVIDIA and collaborators — gives robots persistent memory by storing every debugging fix as a named, reusable code pattern. It pushed bimanual handover ...
Look to these tools to improve your AI coding practices and the quality, security, and reliability of your AI-generated code.
Chainguard is expanding Repository with new policy controls, malware and greyware scanning, and support for Java, Python, and container artifacts, helping organizations govern software consumption ...
The critical libssh2 CVE-2026-55200 flaw inverts SSH security: the remote server attacks the connecting client, no ...
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
AI compressed the build. Fundamentals matter more, not less, and the product funnel is now where engineers earn their keep.