New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...
InfoWorld

GitHub adds new Copilot features as usage-based billing takes effect

A desktop app and a new collaborative work surface could boost developer productivity, but enterprises will need stronger ...

GitHub just switched Copilot to metered billing, and developers are watching months of credits vanish in a single day

Back in April, the company said it would move all Copilot plans to a usage-based system that bills users based on actual AI ...
Technobezz.com

GitHub Launches Copilot App as Dedicated Desktop Operating System for AI Agents

GitHub just turned Copilot into its own desktop operating system for AI agents. The new GitHub Copilot app, announced at Microsoft Build 2026, is a dedicated application that replaces scattered chat ...
The Hacker News

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
SiliconANGLE

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...
HoopsHype

So, adding KD, it’s a whole new team. We didn’t get …

Fred VanVleet: “You’ve got to remember, bro, for what we built here in a quick turnaround, basically, we took four of our five starters out: me, Dillon, Jalen, Steven. Essentially, right? So, adding ...
Fast Company

Five ways to fix team communication (without adding more meetings)

Most teams respond to communication problems by adding more meetings. Another weekly check-in to keep everyone aligned. Another “quick sync” because the email thread got messy. Another call because ...