Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static ...

GitHub Copilot will use your data for AI training by default, but you can opt out

GitHub describes this training data as inputs, outputs, code snippets, and associated context, but the fine print goes into ...
The Hacker News

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...

ChatGPT just got a library for all your files - how it works

ChatGPT just got a library for all your files - how it works ...
InfoWorld

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party ...
Unite.AI

OpenAI Adds Plugin Marketplace to Codex

OpenAI has launched a plugin system for Codex, its AI coding agent, adding a curated directory of integrations that connect the tool to workplace apps including Slack, Notion, Figma, Gmail, and Google ...