New Scientist

NHS England rushes to hide software over AI hacking fears

National Health Service rules state that all software created with public money should be publicly available, but fears of ...
Morning Overview on MSN

GitHub patches critical remote code execution flaw in private repositories

GitHub has patched a high-severity remote code execution vulnerability that allowed anyone with push access to a private ...
The Hacker News

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

Sleeper packages in Ruby and Go steal credentials and alter CI workflows, leading to persistent access and data exfiltration.
CIO

From copilot to control plane: Where serious AI governance starts

The real AI test isn't how fast you can code; it's whether you have the guardrails to manage what your agents are doing ...

How Microsoft’s GitHub just told everyone that AI agents are 'behind' recent outages: We hear the pain you are

GitHub CTO Vlad Fedorov has published a public apology after two major incidents left thousands of repositories and pull ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...
DataBreachToday

Palo Alto Networks Targets AI Agent Gateway With Portkey Buy

Palo Alto Networks plans to acquire Portkey to centralize AI agent communications through a gateway that enforces runtime ...
Analytics InsightOpinion

Why OpenAI's Biggest Security Risk isn't ChatGPT, it's Everyone Around it

OpenAI has developed ChatGPT from a research prototype into an international product that supports both informal ...
Arabian Post on MSN

MCP promise collides with security reality

MCP’s rapid rise as the preferred bridge between AI assistants and external tools is running into a harder test inside production software teams: whether convenience justifies the security, ...
SecurityWeek

In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability

OFAC hits Iranian central bank crypto reserves, ADT suffers major data leak, and CISA guidance for zero trust in OT ...