The Hacker News

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Five malicious Rust crates and an AI bot exploited CI/CD pipelines and GitHub Actions in Feb 2026, stealing developer secrets ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days ...
IEEE Spectrum on MSN

An AI agent blackmailed a developer. Now what?

A real-world attack by an OpenClaw agent opens a new can of worms ...
Bleeping Computer

Over 3.1 million fake "stars" on GitHub projects used to boost rankings

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are similar ...
heise online

GitHub introduces measures against AI slop – without clearly naming the problem

Many open-source maintainers can sing a song about it: The pull requests are increasing, but the quality of code changes is not necessarily improving. The reason is obvious: With the help of AI coding ...