Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...
Mid-Day

Hassan Taher on 5 AI Models To Use For Coding in 2026

Software development teams have absorbed AI coding tools faster than almost any other professional group. GitHub Copilot crossed one million paid users within months of its 2022 launch. Today the ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Vibe Coding Has A Massive Security Problem

Vibe coding apps ship with alarming security flaws. What founders need to know about AI-generated code vulnerabilities in ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

Vibe coding apps taught me how hard real coding is

Garbage in, garbage out” applies just as much to AI-assisted vibe coding as it does to old-fashioned software development, as I learned the hard way.

Why Garry Tan’s Claude Code setup has gotten so much love, and hate

Thousands of people are trying Garry Tan's Claude Code setup, which was shared on Github. And everyone has an opinion: even ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
InfoWorld

Markdown is now a first-class coding language: Deal with it

Critics call Garry Tan’s gstack just a bunch of text files. They’re right — and that’s exactly why the future of agentic development looks like Markdown.