The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
Opinion

GitHub opts all CLI users into telemetry collection whether they want it or not

Users of GitHub's command-line interface (CLI) who value privacy, beware. The Microsoft-owned code-hosting platform has quietly begun collecting pseudonymous client-side telemetry from CLI users and ...
InfoWorld

GitHub pauses new Copilot sign-ups as agentic AI strains infrastructure

GitHub said long-running, parallelized AI coding sessions are pushing Copilot beyond the limits of its original individual ...

Inside the dashboards JPMorgan is using to track and rank engineers' AI use

At JPMorgan, the pressure on developers is rising. New documents reveal the inner workings of the bank's systems to track AI ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...
The Next Web

GitHub freezes new Copilot sign-ups as agentic AI breaks the economics of flat-rate developer subscriptions

GitHub has paused new Copilot Pro, Pro+, and Student sign-ups as agentic AI workflows generate costs exceeding monthly plan ...

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
Visual Studio Magazine

Visual Studio Code 1.117 Expands Copilot Controls for Business and Enterprise User

VS Code 1.117 adds bring-your-own model key support for Copilot Business and Enterprise users and introduces a set of chat, agent, terminal, and TypeScript updates.

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code'

A recruiter claiming to work for a blockchain firm called Genusix Labs invited Boris Vujičić, a web developer based in Serbia ...

New Checkmarx supply-chain breach affects KICS analysis tool

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

Anthropic’s Claude Is Pumping Out Vulnerable Code, Cyber Experts Warn

Anthropic’s latest Claude models are introducing serious security issues into code, cyber experts say. The company is yet to ...