Search results for GitHub Actions
AI & Enterprise
‘Comment and Control’ attack can hack Claude Code, Gemini CLI and GitHub Copilot at once
A security engineer disclosed a prompt injection technique dubbed “Comment and Control” that can attack Anthropic’s Claude Code, Google’s Gemini CLI and GitHub Copilot Agent at the same time, SecurityWeek reported. The method manipulates common GitHub content such as comments, PR titles and issue bodies to trick AI agents into running attacker-chosen commands. Tests showed credential and API key theft and data exfiltration. All three companies confirmed the issue and paid bug bounties.
AI & Enterprise
Tech Insight: Why software supply chains are being breached quickly amid the spread of AI coding
A widely used software package, Axios, was hacked after attackers took over a maintainer account, added a new dependency and shipped an update. The added package installed a tailored remote-access trojan and erased traces, while many security tools failed to flag it. Andreessen Horowitz partners said the case shows software supply-chain risk rising as AI coding spreads. They cited research finding AI agents more often pick vulnerable versions and enable new attacks such as slopsquatting, while detection remains slow in the industry.
AI & Enterprise
Reporters who asked what a terminal was become builders in 4 weeks by trying vibe coding
Seven journalists gathered in Seoul on March 17 to present mini projects built over four weeks at a runnerthon run by vibe-coding startup Popup Studio. Most had never opened a terminal. Using natural-language prompts, they created tools including a card-news generator, a health app and a Telegram bot that sends procurement award results from 22 agencies under the Ministry of Science and ICT. The session stressed structured context engineering and document-based coding.
