InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Redmondmag.com

Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...
GitHub

Too important for spreadsheets. Too specific for SaaS.

A small, production-shaped full-stack foundation designed to be safely extended by AI coding agents. Most starter templates are designed for humans to read once and forget. This one is designed to be ...
GitHub

Resilient Agent Tasks Across Dropped Connections

A production-shaped A2A/MCP agent runtime for long-running tasks that must survive broken client connections. Most agent demos assume the browser tab stays open until the task finishes. Real clients ...