CSO Online

Critical Cursor bug could turn routine Git into RCE

A flaw in Cursor’s AI agent lets malicious repositories trigger arbitrary code execution through routine Git operations, now ...
The Hacker News

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx data surfaced after March 23, 2026 supply chain attack, prompting repository lockdown and investigation, raising ...
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
Bangalore Mirror

New app repository to guide digital mental health choices

Repository is not meant to function as recommendation list or endorsement of effectiveness, but rather as informational ...
CIO

19 vibe coding tools for democratizing app development

Vibe coding is legit enough that enterprises need to start experimenting. Finding the right tool for your users and use cases is the first step.

How Microsoft’s GitHub just told everyone that AI agents are 'behind' recent outages: We hear the pain you are…

GitHub CTO Vlad Fedorov has published a public apology after two major incidents left thousands of repositories and pull ...
TechJuice

SAP npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack

Multiple SAP npm packages were compromised in a supply chain attack designed to steal developer credentials and tokens.

Warp Open-Sources Its Agentic Development Environment, Introducing a New Model for Building Software with Cloud Agents

Sponsored by OpenAI, Warp launches an open-source ADE where users can submit ideas and watch agents build and ship them ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
CIO

From copilot to control plane: Where serious AI governance starts

The real AI test isn't how fast you can code; it's whether you have the guardrails to manage what your agents are doing ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...