10 trillion downloads are crushing open-source repositories - here's what they're doing about it

10 trillion downloads are crushing open-source repositories - here's what they're doing about it ...

Trellix discloses data breach after source code repository hack

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Weaver E-cology critical bug exploited in attacks since March

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since ...
MIT Technology Review

The Download: inside the Musk v. Altman trial, and AI for democracy

Plus: The Pentagon has struck sweeping AI deals for classified work. This is today's edition of The Download, our weekday ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
InfoQ

AI-First Software Delivery: Balancing Innovation with Proven Practices

Wes Reisz discusses the shift toward AI-first software delivery, emphasizing that agentic workflows are not one-size-fits-all ...
The Manila Times

Sonatype and Package Registry Leaders Unite to Address Open Source Sustainability Crisis

New Linux Foundation initiative convenes registry leaders to develop shared approaches to funding, governance, and long-term ecosystem resilience.
InfoQ

GitHub Enhances CodeQL with Declarative Security Modeling for Faster, More Flexible Analysis

GitHub has introduced a significant update to its CodeQL engine, enabling developers to define custom sanitizers and ...
Hosted on MSN

GitHub project launches all-in-one Minecraft Java modding workspace

A new GitHub repository, "minecraft-java-mods" by mijworksinc, delivers a structured workspace for developing, packaging, and publishing Minecraft Java Edition content. It features templates for mods, ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
Graham Cluley

Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in ...