GitHub

Agent Beacon: Open-source telemetry layer for AI agents

2026-06-22 at 08:30, by Mirko Zorz
AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, and cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-source project from Asymptote Labs, configures telemetry for […]

GitHub releases an open dataset for multilingual developer content

2026-06-16 at 09:55, by Anamarija Pogorelec
Developers coordinate code across README files, issue threads, and pull request discussions. Much of that exchange happens in English, and a large share happens in other languages. GitHub has released a dataset built to help researchers and developers locate public

Open-source CI/CD abuse detector guards against stolen credential attacks

2026-06-15 at 08:30, by Sinisa Markovic
CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, workflows, and automation configurations. The repository contains drop-in templates for GitHub Actions, GitLab CI, and Azure

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

2026-06-13 at 18:52, by Ionut Arghire
By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed. The post NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt

X Square Robot open sources its robot-free data collection framework

2026-06-11 at 08:43, by Sinisa Markovic
Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth

NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure

2026-06-10 at 09:55, by Mirko Zorz
BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and memory

DockSec: Open-source AI-powered Docker security scanner

2026-06-08 at 13:09, by Mirko Zorz
DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, correlates the findings, returns

Google Colab CLI opens runtimes to Claude Code and Codex

2026-06-08 at 08:00, by Anamarija Pogorelec
Google released the Google Colab Command-Line Interface, a tool that connects local terminals to remote Colab runtimes. The CLI provides an execution platform for developers and AI agents, letting users provision compute, run local Python scripts on remote runtimes,

GitHub Copilot app launches as desktop home for AI coding agents

2026-06-08 at 07:15, by Sinisa Markovic
GitHub introduced the Copilot app, a desktop application built for working with AI coding agents, at Microsoft Build 2026. The release expands GitHub’s Copilot product line beyond editor integrations and command-line tools into a dedicated workspace for directing

AgentGG: Open-source agentic SAST scanner

2026-06-05 at 09:24, by Mirko Zorz
Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm

OAuth marketplace apps keep access after publishers vanish

2026-06-04 at 16:06, by Mirko Zorz
Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The OAuth

VS Code Vulnerability Allows One-Click GitHub Token Theft

2026-06-04 at 13:16, by Eduard Kovacs
A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. The post VS Code Vulnerability Allows One-Click GitHub Token Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory

2026-06-01 at 08:19, by Mirko Zorz
AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who

Vigolium: Open-source vulnerability scanner

2026-05-27 at 09:24, by Anamarija Pogorelec
Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint discovery, attack planning, and finding triage. The tool exposes

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

2026-05-25 at 10:56, by Ionut Arghire
Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from

OpenHack: Open-source AI-powered vulnerability research

2026-05-25 at 08:11, by Sinisa Markovic
Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

2026-05-21 at 16:56, by Zeljka Zorz
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

2026-05-20 at 13:47, by Zeljka Zorz
Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of

GitHub Confirms Hack Impacting 3,800 Internal Repositories

2026-05-20 at 13:02, by Ionut Arghire
The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3,800 Internal Repositories appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

CVE Lite CLI: Open-source dependency vulnerability scanner

2026-05-20 at 09:34, by Mirko Zorz
Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours