SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...

How Researchers Reverse-Engineered LLMs For A Ranking Experiment

Researchers test two ways to reverse engineer the LLM rankings of Claude 4, GPT-4o, Gemini 2.5, and Grok-3. Researchers ...
The Hacker News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

RoguePilot flaw let GitHub Copilot leak GITHUB_TOKEN, while new studies expose LLM side channels, ShadowLogic backdoors, and promptware risks.

Vibe coding with overeager AI: Lessons learned from treating Google AI Studio like a teammate

I wanted to build an entire production‑ready business application by directing an AI inside a vibe coding environment without writing a single line of code myself.
WeLiveSecurity

PromptSpy ushers in the era of Android threats using GenAI

ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow.

Collate Launches Semantic Intelligence Graph to Help AI Understand Enterprise Data

Central to Collate’s new capabilities is the launch of AI Studio , which enables enterprises to build, deploy, customize, and tune AI agents to their unique data environments. AI Studio provides a ...

Supply chain worm with its own MCP server spreads via GitHub

A new malware is circulating in the npm ecosystem, stealing credentials and CI secrets and spreading autonomously.
InfoWorld

How to choose the best LLM using R and vitals

Use the vitals package with ellmer to evaluate and compare the accuracy of LLMs, including writing evals to test local models ...

Android malware taps Gemini to navigate infected devices

For now, it might not function outside of a lab Cybersecurity researchers say they've spotted the first Android malware strain that uses generative AI to improve performance once installed. But it may ...

Current is a new RSS reader that’s more like a river than an inbox

A new app called Current is rethinking the RSS reader, aiming to offer a reading experience that feels more like dipping into ...