Security researcher exploits GitHub gotcha, gets admin access to all Istio repositories and more
A security researcher investigated an archive of commits on GitHub, which developers had likely thought they had deleted, […]
“Serious” MySQL bug celebrates 20 years unfixed – another reason to switch to PostgreSQL?
A bug in MySQL submitted in June 2005 with a severity of “S2 (Serious)” remains unfixed 20 years […]
Misconfigured GitHub Actions could leave repos and secrets exposed, Sysdig finds
Sysdig researchers have warned that developers and maintainers could be leaving their repos open to hijacking through inadequately […]
Redefining identity security in the age of agentic AI
Now AI agents have identity, too. Here’s how to handle it The rise of agentic AI systems is […]
Cursor AI editor hits 1.0 milestone, including BugBot and high-risk background agents
Anysphere has released version 1.0 of its AI editor, Cursor, along with new features including previews of a […]
Researchers warn of prompt injection vulnerability in GitHub MCP with no obvious fix
A team of researchers at Invariant Labs, based in Zurich, Switzerland, has warned developers of a prompt injection […]
MCP will be built into Windows to make an ‘agentic OS’ but security will be a key concern
Microsoft’s Build developer conference is under way in Seattle, where the company has revealed plans to make the […]
PHP security audit of critical code reveals flaws, fixed in new release
The PHP Foundation has reported the results of a security audit of the most critical parts of the […]
The risks of GitHub Actions: Researcher describes severe potential of CodeQL vulnerability, now fixed
A researcher has described how a vulnerability in GitHub’s CodeQL, a tool for detecting security issues, had the […]
Next.js team fixes vuln that allows auth bypass when middleware is used, revises documentation recommending this method
Security researchers Rachid Allam and Yasser Allam found a vulnerability in the Next.js middleware that makes it trivial […]