Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...
The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
InfoWorld

AI coding agents may be getting bad instructions from ‘smelly’ config files

The first proposed catalog of 'configuration smells' reveals widespread issues like context bloat, skill leakage, and ...

Anthropic co-founder Boris Cherny who said software engineering is 'dead', now says days of AI prompts are over and it is time for ...

AI pioneer Boris Cherny, co-founder of Anthropic, is shifting his focus from manual prompt writing to 'loop engineering.' ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.
DATAQUEST

The new software stack: How AI is changing SaaS, apps, and enterprise workflows

Features: AI is redrawing the enterprise software stack, turning applications into agents, data into context, and workflows ...

Where AI-Powered Software Development Delivers Measurable Results

AI-assisted software development has evolved significantly over the last few years, moving from isolated code completion ...

Why automated open source scans don't guarantee license compliance

Hannah Dacayanan of UnitedLex discusses ways in which automated software composition analysis tools identify open source ...

GitHits Raises $1.75M Pre-Seed to End AI Hallucinations for Coding Agents with “Google for Code”

GitHits has raised $1.75 million in pre-seed funding to develop the “Google of code search” Wilmington, DELAWARE, June 16, ...
Dark Reading

Novo Nordisk Breach Highlights Software Development Pipeline Risk

A recent — and likely massive — breach at Novo Nordisk, where attackers reportedly gained an initial foothold using a single GitHub access token, underscores how code repositories and developer ...