InfoQ

GitHub Actions Custom Runner Images Reach General Availability

GitHub has just announced the availability of custom images for its hosted runners. They've finally left the public preview ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
InfoWorld

GitHub Copilot CLI adds Rubber Duck review agent

Rubber Duck uses a second model from a different AI family to evaluate the primary agent’s plans, question assumptions, and ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
Dark Reading

AI-Assisted Supply Chain Attack Targets GitHub

PRT-scan is the second campaign in recent months where a threat actor has leveraged AI for automated targeting of a ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Anthropic's Boris Cherny, creator of $2.5 billion coding tool, makes a ‘clarification’ on Claude Code leak: ‘It's never an individual's fault, it’s the…’

A missed step in a manual deployment process exposed the internal workings of one of AI's hottest coding tools—and briefly ...