Malware in an Open-Source Project Could Have Infected Thousands. The Twist? It Was Certified by Delve

McMahon wrote that the malware was likely vibe coded, and sloppily at that, leading to the so-called “fork bomb” that crashed ...
WinBuzzer

90% of Claude Code Output Lands in Low-Star GitHub Repos

Anthropic's Claude Code has surpassed 20 million GitHub commits, but 90% of output has landed in repos with fewer than two ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Open source isn't a tip jar – it's time to charge for access

Opinion Time and again, I see people begging for companies with deep pockets to fund open source projects. I mean, after all, ...
Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...
TMCnet

New Diffblue Testing Agent Automatically Generates Comprehensive Regression Test Suites To Derisk Application Modernization

Diffblue today announced the general availability of the Diffblue Testing Agent, an autonomous regression test generator that works with an enterprise's existing AI coding platform - GitHub Copilot, ...

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.
InfoQ

AWS Launches Managed Openclaw on Lightsail amid Critical Security Vulnerabilities

AWS launched managed OpenClaw on Lightsail for AI agent deployment while security concerns mount. The 250k-star GitHub ...
VentureBeat

Anthropic's Claude Code Security is available now after finding 500+ vulnerabilities: how security leaders should respond

Anthropic pointed its most advanced AI model, Claude Opus 4.6, at production open-source codebases and found a plethora of security holes: more than 500 high-severity vulnerabilities that had survived ...
TechCrunch

Former GitHub CEO raises record $60M dev tool seed round at $300M valuation

Former GitHub CEO Thomas Dohmke has raised the largest-ever seed round for a dev tool startup, according to its lead backer, Felicis. The startup, Entire, has raised $60 million at a $300 million ...
The Verge

GitHub adds Claude and Codex AI coding agents

Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. is a senior editor and author of Notepad, ...