Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
Arabian Post on MSN

Historic Zork Trilogy Code Released under MIT Licence

That architecture allowed one game to run on multiple early microcomputers, giving Zork broad platform reach. Microsoft ...

How vibe coding can make your software headaches worse, experts warn

What may start as 'move fast and break things' too often becomes move fast and break everything, then spend a fortune rebuilding it.' ...

Thomas Dohmke, Former GitHub CEO, Joins Apiiro as a Strategic Advisor to Safeguard AI Before Code Generation and Prevent Risks at Enterprise Scale

With Dohmke’s guidance, Apiiro is accelerating its mission to lead the application security industry into the era of risk prevention at enterprise scale – enabling secure-by-design code before it is ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious artifacts under GitHub’s own name.

I got an AI internship in college by posting a coding fix to a company's Facebook. Now I'm a full-time engineer at a startup.

Felix Wallis, 23, thinks personalizing his outreach to employers helped him get a full-time job in AI straight out of college ...

AI companies keep publishing private API keys to GitHub

"Hugging Face tokens are notorious for allowing access to private AI models," said Berkovich. "The leaked Hugging Face token belonging to an AI 50 company could have exposed access to ~1,000 private ...
The Hacker News

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

"As a new and significantly more aggressive wave of npm supply chain malware, Shai-Hulud 2 combines stealthy execution, ...

Google previews Code Wiki: Can you trust AI to document your repository?

Google has previewed Code Wiki, an AI project that aims to document code in a repository and keep it up to date by ...

How context engineering can save your company from AI vibe code overload: lessons from Qodo and Monday.com

Qodo calls its secret sauce context engineering — a system-level approach to managing everything the model sees when making a decision. This includes the PR code diff, of course, but also prior ...
Database Trends and Applications

Amplitude and GitHub Accelerate Product Development with Agent-to-Agent Integration

Amplitude, Inc., a leading digital analytics platform, is collaborating with GitHub to launch an agent-to-agent integration for enterprise product and engineering teams-enabling Amplitude to act as an ...