InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub ...

APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation ...

OpenAI Acquires Promptfoo To Embed Security Testing Into Its Agents

OpenAI acquires Promptfoo to embed AI red-teaming and security testing directly into its Frontier agent platform, signaling that agent safety is now table stakes.

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
RACER

Gabehart, Spire fire back at Gibbs discovery request

In filings made Wednesday night to the Western District of North Carolina, Chris Gabehart has asked that Joe Gibbs Racing’s ...

Chapter 23xH: Genesis

You may recognize Kishuna from a previous battle.
GitHub

git-pkgs

A git subcommand for tracking package dependencies across git history. Analyzes your repository to show when dependencies were added, modified, or removed, who made those changes, and why. This is a ...