New release integrates automated security scanning, AI-powered remediation, and GitHub-native workflows for enterprise ...

Five malicious Rust crates and an AI bot exploited CI/CD pipelines and GitHub Actions in Feb 2026, stealing developer secrets ...

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.

Claude Code tooling list compares CLI choices to MCPs; Superbase CLI is positioned as a stronger alternative for self-hosted setups.

Despite widespread industry recommendations, a new ETH Zurich paper concludes that AGENTS.md files may often hinder AI coding agents. The researchers recommend omitting LLM-generated context files ...

Google has introduced an open-source tool that allows command-line access to Workspace services. It supports AI agents and uses MCP.

Security researchers are tracking two separate GitHub-related threat campaigns that use the platform's infrastructure in different ways -- one to deliver vishing lures through legitimate GitHub ...

Anthropic’s Claude Code, an AI-powered coding assistant, executed destructive commands against a live production database ...

Dubbed InstallFix by Push Security, the scheme inserts instructions to download malware during the Claude Code install process on cloned websites.

Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware ...

A practical MCP security benchmark for 2026: scoring model, risk map, and a 90-day hardening plan to prevent prompt injection, secret leakage, and permission abuse.