The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
Tech Times

Karpathy CLAUDE.md Grows to Ten Rules: New Self-Check Protocol for AI Coding Loops

Karpathy CLAUDE.md ten rules: a document attributed to Andrej Karpathy began circulating Friday, adding six agent self-check ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...

Claude Code turned every engineer into three. Now companies need more product thinkers

AI compressed the build. Fundamentals matter more, not less, and the product funnel is now where engineers earn their keep.
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...

Qodo Launches Governance Infrastructure for the AI Coding Era

Qodo, the AI code quality and governance platform trusted by Walmart, NVIDIA, Red Hat, and Monday.com, today announced three new platform capabilities: Cross-Repo Code Review, Custom Rules Miner, and ...
Tech Times

Figma Config 2026: Code Layers Challenge Cursor as GPU Shaders Hit Paid Plans

Figma Config 2026 closed Thursday with Code Layers for GitHub-linked canvas editing, Figma Motion in open beta with CSS and ...

AI Solving Mathematical Models Faster Than Humans Can Verify, Opens New Research Frontier

AI is now helping produce research-level mathematics, but experts say verifying proofs not generating them is becoming the ...
WeLiveSecurity

Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances

ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C ...

AI Is Designing Radio Chips That Humans Couldn’t Even Imagine

SummaryRFIC design is a complex “dark art” that limits progress in wireless technologies like 5G, autonomous vehicles, and ...