The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...
InfoWorld

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Analytics Insight

Best 5 Agentic Engineering Platforms for 2026

AI coding tools are no longer just helping developers complete functions faster. The market is moving toward agentic ...
Tech Times

GitHub Copilot Replaces GPT-4 With Project Polaris, Ships Multi-Agent VS Code at Build

GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...

At the Ambitious New A.I Museum, You Feel the Art, and It Feels You Right Back

A look inside Dataland in Los Angeles, dedicated entirely to A.I.-generated art. Refik Anadol, its founder, says it’s for ...
Tech Times

Google Accepted 6,000 Gemini CLI Contributions, Then Closed Tool for Enterprise Only

Google spent nearly a year accepting code contributions from hundreds of independent developers on an open-source AI terminal ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
The Hacker News

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

ChatGPhish exploits ChatGPT Markdown rendering to deliver phishing content from summarized web pages, increasing AI attack surfaces.