A group of hackers, named JINX-0164, has been contacting crypto devs via LinkedIn and inviting them to fake meetings that ...

Users probe backup failures find Claude-assisted commits. Veteran engineer retorts: 'I did not just vibe-code 'convert test ...

A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...

GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...

Slash Commands 正是为了解决这个问题而诞生的。表面上看，它们只是以 / 开头的命令，但其背后其实是一个带有一组 workflow 约定的具名任务入口。这也是本文将继续探讨的主题。 深入了解 Claude Code 中 Slash Commands 的作用、局限，以及它们为何正在被吸收到 Skill ...

autoresearch 这种东西，三年前不可能存在，因为 LLM 不够强。三个月前可能存在，但要包很多脚手架。现在它可以是 630 行的 train.py + 一份 program.md + 「打开你的 coding agent」。 刷到 Karpathy 又发了新东西。 上次他搞 LLM Wiki，教我们用 AI 管理知识库。那篇出来之后 ...

A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of GitHub's internal source code repositories — everythi ...

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code ...