FYI:🟦☁️ 👉 @clarkio.com

A fun test to see how well you do at checking agentic AI permissions: llmgame.scalex.dev/

Big banks aren't known for moving fast on new tech. With AI it's a different story. Some are even buying supercomputers to train their own internal models.

Versions of - laravel-lang/lang - laravel-lang/http-statuses - laravel-lang/attributes - laravel-lang/actions have been published with malicious versions Packagist has unlisted the packages, but if you installed any of them between May 22–23, treat the environment as compromised

Your first instinct after getting hit by the TanStack npm attack is to revoke your GitHub token. Don't. The malware polls GitHub every 60 seconds. Gets a 401? It runs rm -rf ~/ Here's the right remediation order before you touch a single credential. youtu.be/YrwM2EFYrUY

1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

A government contractor just leaked a ton of sensitive info including admin passwords for CISA's AWS GovCloud accounts - all to a public GitHub repo. CISA says they "hold our team members to the highest standards of integrity and operational awareness" Followed by evidence of them turning off basic GitHub defaults that would protect from publishing secrets. And dictionary passwords that were the name of the service the year.

💥 Game changer for Web Development announced at GoogleIO- Modern Web Guidance! It’s expert-vetted skills for web development based on best practices of latest specs and APIs. It ensures your agent/coding harness doesn’t default to older and out of date patterns to build sites.

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

More and more companies are deploying AI-generated code into production. Much of that code contains vulnerabilities. Making traditional AppSec struggle to keep up. @snyksec @AnthropicAI's Claude = security at AI speed 👇 snyk.io/news/snyk-embeds-ant…

Looking forward to chatting with @_clarkio today! Happening in 5 hours. Come hang with us! youtube.com/live/nt8KvxQiGmM…

Any guesses on when the same happens at Anthropic, OpenAI, Cursor? I think it's gonna be in the next 2-3 months. github.blog/news-insights/co…

I think we've reached the tipping point of AI companies subsidizing our usage of models and tools...

AI bois be like:

oh that bitwarden cli supply chain campaign? see how easily npq catches a bunch of issues there: - provenance regression - postinstall script - version recency $ npm install -g npq use npq ✨

Over the past month, some of you reported Claude Code's quality had slipped. We investigated, and published a post-mortem on the three issues we found. All are fixed in v2.1.116 and we’ve reset usage limits for all subscribers.

Looking forward to hanging with @_clarkio!