Even Claude agrees: hole in its sandbox was real and dangerous

Two now-patched bypass bugs in Claude Code’s network sandbox put users at risk, and one of these allows baddies to send ...
Biometric Update

GitHub leak exposed CISA, DHS GovCloud keys, internal credentials

The exposure represents a major operational security failure at the federal agency responsible for helping defend critical ...
Decrypt

GitHub Confirms 3,800 Internal Repos Stolen Through Poisoned VS Code Extension

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.
The Next Web

GitHub confirms hackers stole thousands of internal code repositories after employee installed a poisoned VS Code extension

TeamPCP exfiltrated 3,800 internal GitHub repositories after poisoning a VS Code extension. No customer data was affected, the company says.
Morning Overview on MSN

A ransomware crew calling itself the 'Coinbase Cartel' just breached Grafana — the monitoring tool running inside thousands of corporate networks

In late May 2026, reports emerged that attackers breached Grafana Labs’ systems by exploiting a newly disclosed vulnerability ...

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

GitHub Says 3,800 Repositories Breached—TeamPCP Hackers Demand $50,000

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a ...

Yearslong fight over users’ right to tweak smart TV software heads to trial

For years, owners of Vizio smart TVs have had little control over the software running on their sets—software that can track ...

Awake Venture Studio Launches ForgeOS, the First Open-Source Multiplatform Operating System for AI Agents

You need to guarantee that Agent A cannot access Client B's data, that spending stays within budget, and that sensitive ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

Open-source AI assistant can improve research workflow

Lehigh University researchers have built the first "AI for Science" software tool designed to support the entire project workflow for research scientists. Dr. Claw is an open-source, full-stack AI ...