Grok Build uploaded full Git repositories to xAI cloud storage before xAI disabled the behavior and Musk pledged to delete ...
xAI open-sourced its Grok Build terminal coding agent on Wednesday under the Apache 2.0 license, releasing 844,530 lines of Rust to GitHub hours after the tool's covert full-repository upload behavior ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
An unpatched vulnerability in Cursor on Windows could allow attackers to achieve code execution via malicious repositories.
Microsoft is extending Dataverse into coding-agent marketplaces while expanding its MCP tools, certification program and governance controls.
Indirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. Attackers can take over developers’ systems by hiding indirect prompts in ...
Sync / Submit Pull the latest, or commit + push with a readable change list and a message. Conflicts get a plain keep-mine / take-theirs prompt. Insert at cursor Double-click (or right-click > Insert) ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human ...
A vulnerability in Amazon’s AI-powered coding assistant, Amazon Q Developer, allowed attackers to steal cloud credentials simply by tricking a developer into opening a poisoned code repository. The ...
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has ...