Tag Archives: GitHub

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents. In all, multiple researchers said, 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they… Read More: For the 2nd time in weeks, Microsoft packages laced with… »

A hacker group is poisoning open source code at an unprecedented scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the cybersecurity world with its insidious threat of turning any innocent application into a dangerous foothold in a victim’s network. Now one group of… Read More: A hacker group is poisoning open source code at an… »

In stunning display of stupid, secret CISA credentials found in public GitHub repo

Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and “other sensitive CISA assets” exposed in a public GitHub repo since at least November 2025. The now-offline public repo—named, somewhat aspirationally, “Private-CISA”—was brought to Krebs’ attention by… Read More: In stunning display of stupid, secret CISA credentials found in… »

Open source package with 1 million monthly downloads stole user credentials

The developers are urging all developers who installed version 0.23.3 to take the following steps immediately: 1. Check your installed version: pip show elementary-data | grep Version 2. If the version is 0.23.3, uninstall it and replace it with the safe version: pip uninstall elementary-data pip install elementary-data==0.23.4 In your requirements and lockfiles, pin explicitly… Read More: Open source package with 1 million monthly downloads stole user… »

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences for developers and the organizations that use them. Trivy maintainer Itay Shakury confirmed the compromise on Friday, following rumors and a thread, since deleted by the attackers, discussing the incident.… Read More: Widely used Trivy scanner compromised in ongoing supply-chain attack »

Anthropic’s Claude Haiku 4.5 matches May’s frontier model at fraction of cost

And speaking of cost, Haiku 4.5 is included for subscribers of the Claude web and app plans. Through the API (for developers), the small model is priced at $1 per million input tokens and $5 per million output tokens. That compares to Sonnet 4.5 at $3 per million input and $15 per million output tokens,… Read More: Anthropic’s Claude Haiku 4.5 matches May’s frontier model at fraction… »

Microsoft open-sources Bill Gates’ 6502 BASIC from 1978

On Wednesday, Microsoft released the complete source code for Microsoft BASIC for 6502 Version 1.1, the 1978 interpreter that powered the Commodore PET, VIC-20, Commodore 64, and Apple II through custom adaptations. The company posted 6,955 lines of assembly language code to GitHub under an MIT license, allowing anyone to freely use, modify, and distribute… Read More: Microsoft open-sources Bill Gates’ 6502 BASIC from 1978 »

College student’s “time travel” AI experiment accidentally outputs real 1834 history

A hobbyist developer building AI language models that speak Victorian-era English “just for fun” got an unexpected history lesson this week when his latest creation mentioned real protests from 1834 London—events the developer didn’t know had actually happened until he Googled them. “I was interested to see if a protest had actually occurred in 1834… Read More: College student’s “time travel” AI experiment accidentally outputs real 1834… »

GitHub abused to distribute payloads on behalf of malware-as-a-service

Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operator that used public GitHub accounts as a channel for distributing an assortment of malicious software to targets. The use of GitHub gave the malware-as-a-service (MaaS) a reliable and easy-to-use platform that’s greenlit in many enterprise networks that rely on the code repository for the… Read More: GitHub abused to distribute payloads on behalf of malware-as-a-service »

AI coding assistant refuses to write code, tells user to learn programming instead

On Saturday, a developer using Cursor AI for a racing game project hit an unexpected roadblock when the programming assistant abruptly refused to continue generating code, instead offering some unsolicited career advice. According to a bug report on Cursor’s official forum, after producing approximately 750 to 800 lines of code (what the user calls “locs”),… Read More: AI coding assistant refuses to write code, tells user to… »