New release integrates automated security scanning, AI-powered remediation, and GitHub-native workflows for enterprise ...

Five malicious Rust crates and an AI bot exploited CI/CD pipelines and GitHub Actions in Feb 2026, stealing developer secrets ...

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Claude Code tooling list compares CLI choices to MCPs; Superbase CLI is positioned as a stronger alternative for self-hosted setups.

Despite widespread industry recommendations, a new ETH Zurich paper concludes that AGENTS.md files may often hinder AI coding agents. The researchers recommend omitting LLM-generated context files ...

Google has introduced an open-source tool that allows command-line access to Workspace services. It supports AI agents and uses MCP.

Klarrio warns: blind AI deployment erodes expertise, creates software infarcts, and increases European dependence on tech ...

Security researchers are tracking two separate GitHub-related threat campaigns that use the platform's infrastructure in different ways -- one to deliver vishing lures through legitimate GitHub ...

Anthropic’s Claude Code, an AI-powered coding assistant, executed destructive commands against a live production database ...

Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware ...