The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
InfoWorld

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
Tech Times

GitHub Copilot Replaces GPT-4 With Project Polaris, Ships Multi-Agent VS Code at Build

GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...
TMCnet

Top DAST Tools for API-First Engineering Teams

Tool selection gets messy once the first pull-request comments arrive. This list focuses on what happens after procurement: ...
Tech Times

Google Accepted 6,000 Gemini CLI Contributions, Then Closed Tool for Enterprise Only

Google spent nearly a year accepting code contributions from hundreds of independent developers on an open-source AI terminal ...

DeepSWE blows up the AI coding leaderboard, crowns GPT-5.5, and finds Claude Opus exploiting a benchmark loophole

DeepSWE puts GPT-5.5 atop the AI coding leaderboard while raising new questions about Claude Opus, SWE-Bench Pro, and ...
Krebs on Security

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development ...

Security Has A Timing Problem, But Attackers Don’t

To defend against AI-based threats, security leaders need to move the decision point and extend zero trust principles to ...

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.
Opinion
Morning Overview on MSNOpinion

Trellix just confirmed hackers broke into its own source code repository — exposing the cybersecurity firm’s internal systems to outside inspection

A cybersecurity company trusted to protect some of the largest networks in the country has itself been breached. Trellix, the endpoint detection and response (EDR) vendor born from the merger of ...