GitHub

X Square Robot open sources its robot-free data collection framework

X Square Robot open sources its robot-free data collection framework 2026-06-11 at 08:43 By Sinisa Markovic Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth […]

X Square Robot open sources its robot-free data collection framework Read More »

NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure

NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure 2026-06-10 at 09:55 By Mirko Zorz BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and memory

NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure Read More »

DockSec: Open-source AI-powered Docker security scanner

DockSec: Open-source AI-powered Docker security scanner 2026-06-08 at 13:09 By Mirko Zorz DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, correlates the findings, returns

DockSec: Open-source AI-powered Docker security scanner Read More »

Google Colab CLI opens runtimes to Claude Code and Codex

Google Colab CLI opens runtimes to Claude Code and Codex 2026-06-08 at 08:00 By Anamarija Pogorelec Google released the Google Colab Command-Line Interface, a tool that connects local terminals to remote Colab runtimes. The CLI provides an execution platform for developers and AI agents, letting users provision compute, run local Python scripts on remote runtimes,

Google Colab CLI opens runtimes to Claude Code and Codex Read More »

GitHub Copilot app launches as desktop home for AI coding agents

GitHub Copilot app launches as desktop home for AI coding agents 2026-06-08 at 07:15 By Sinisa Markovic GitHub introduced the Copilot app, a desktop application built for working with AI coding agents, at Microsoft Build 2026. The release expands GitHub’s Copilot product line beyond editor integrations and command-line tools into a dedicated workspace for directing

GitHub Copilot app launches as desktop home for AI coding agents Read More »

AgentGG: Open-source agentic SAST scanner

AgentGG: Open-source agentic SAST scanner 2026-06-05 at 09:24 By Mirko Zorz Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm

AgentGG: Open-source agentic SAST scanner Read More »

OAuth marketplace apps keep access after publishers vanish

OAuth marketplace apps keep access after publishers vanish 2026-06-04 at 16:06 By Mirko Zorz Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The OAuth

OAuth marketplace apps keep access after publishers vanish Read More »

VS Code Vulnerability Allows One-Click GitHub Token Theft

VS Code Vulnerability Allows One-Click GitHub Token Theft 2026-06-04 at 13:16 By Eduard Kovacs A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. The post VS Code Vulnerability Allows One-Click GitHub Token Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

VS Code Vulnerability Allows One-Click GitHub Token Theft Read More »

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory 2026-06-01 at 08:19 By Mirko Zorz AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory Read More »

Vigolium: Open-source vulnerability scanner

Vigolium: Open-source vulnerability scanner 2026-05-27 at 09:24 By Anamarija Pogorelec Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint discovery, attack planning, and finding triage. The tool exposes

Vigolium: Open-source vulnerability scanner Read More »

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack 2026-05-25 at 10:56 By Ionut Arghire Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack Read More »

OpenHack: Open-source AI-powered vulnerability research

OpenHack: Open-source AI-powered vulnerability research 2026-05-25 at 08:11 By Sinisa Markovic Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of

OpenHack: Open-source AI-powered vulnerability research Read More »

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise 2026-05-21 at 16:56 By Zeljka Zorz GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise Read More »

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension 2026-05-20 at 13:47 By Zeljka Zorz Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Read More »

GitHub Confirms Hack Impacting 3,800 Internal Repositories

GitHub Confirms Hack Impacting 3,800 Internal Repositories 2026-05-20 at 13:02 By Ionut Arghire The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3,800 Internal Repositories appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GitHub Confirms Hack Impacting 3,800 Internal Repositories Read More »

CVE Lite CLI: Open-source dependency vulnerability scanner

CVE Lite CLI: Open-source dependency vulnerability scanner 2026-05-20 at 09:34 By Mirko Zorz Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours

CVE Lite CLI: Open-source dependency vulnerability scanner Read More »

AI is drowning software maintainers in junk security reports

AI is drowning software maintainers in junk security reports 2026-05-18 at 21:32 By Zeljka Zorz AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made the project’s

AI is drowning software maintainers in junk security reports Read More »

Lyrie: Open-source autonomous pentesting agent

Lyrie: Open-source autonomous pentesting agent 2026-05-18 at 09:42 By Sinisa Markovic Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase. The project reached version

Lyrie: Open-source autonomous pentesting agent Read More »

Microsoft’s WinUI agent plugin trims token use by over 70% during development

Microsoft’s WinUI agent plugin trims token use by over 70% during development 2026-05-14 at 18:25 By Sinisa Markovic Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight

Microsoft’s WinUI agent plugin trims token use by over 70% during development Read More »

Vector embedding security gap exposes enterprise AI pipelines

Vector embedding security gap exposes enterprise AI pipelines 2026-05-14 at 08:30 By Mirko Zorz Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector databases

Vector embedding security gap exposes enterprise AI pipelines Read More »

Scroll to Top