On March 30, BeyondTrust proved that a crafted GitHub branch name could steal Codex’s OAuth token in cleartext. OpenAI classified it Critical P1. Two days later, Anthropic’s Claude Code source code ...

The AI subscription buffet may still be open, but the plates are getting smaller, the premium dishes are moving behind higher tiers and the meter is starting to matter.

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may be behind a spate of recent supply chain attacks. Researchers warn of a new ...

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node package manager (npm), as part of a widening supply chain attack targeting ...

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

The opinionated guide to running Claude Code well. CLAUDE.md, skills, subagents, hooks, and the workflows that produce ...

People are trusting their AI agents with much more important work, but doing so still carries significant risks. Just ask Jeremy Crane, founder of PocketOS, a startup that builds software for car ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools ...

Good afternoon, everyone, and welcome to Amplitude's First Quarter 2026 Earnings Call. Today, I'll cover 3 things. First, our Q1 results; second, how AI is reshaping the software development life ...

Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen ...

Grafana disclosed an unauthorized party accessed its GitHub environment and downloaded its codebase via a token.