Banana Squad hid data-stealing malware in fake GitHub repos posing as Python tools, tricking users and targeting sensitive info like browser and wallet data.
Category: GitHub
AI, Enterprise, GitHub, Global Security News, mcp, Microsoft, Microsoft Build
GitHub, Microsoft embrace Anthropic’s spec for connecting AI models to data sources
GitHub and Microsoft, GitHub’s corporate parent, are joining the steering committee for MCP, Anthropic’s standard for connecting AI models to the systems where data resides. The announcement, which was made at Microsoft’s Build 2025 conference on Monday, comes as MCP gains steam in the AI industry. Earlier this year, both OpenAI and Google said they…
AI, Enterprise, gemini, GitHub, Global Security News
Google’s Gemini chatbot can now more easily analyze GitHub projects
Gemini, Google’s AI-powered chatbot, can now connect to GitHub — for users subscribed to the $20-per-month Gemini Advanced plan, that is. As of Wednesday, Gemini Advanced customers can directly add a public or private codebase on GitHub to Gemini to allow the chatbot to generate and explain code, debug existing code, and more. Users can…
A Little Sunshine, Carole Winqwist, Department of Government Efficiency, doge, Eric Fourrier, General Services Administration, GitGuardian, GitHub, Global Security News, Grok, GSAi, Latest Warnings, Philippe Caturegli, Reuters, Seralys, SpaceX, Tesla, The Coming Storm, The Washington Post, twitter/x, xAI
xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
An employee at Elon Musk’s artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk’s companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.…
A Little Sunshine, async-ip-rotator, Browserless, Daniel J. Berulis, Department of Government Efficiency, Department of Health and Human Services, doge, Ge0rg3, GitHub, Global Security News, Integuru, Labor Department, Marko Elez, National Labor Relations Board, Politico, The Coming Storm, The Wall Street Journal
DOGE Worker’s Code Supports NLRB Whistleblower
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one…
A Little Sunshine, Amazon, Andrew P. Bakaj, CNN, Cybersecurity and Infrastructure Security Agency, Daniel J. Berulis, doge, GitHub, Global Security News, Lasharn Hamilton, Latest Warnings, Microsoft Azure, NPR, NxGen, president trump, SpaceX, The Coming Storm, Tim Bearese, US-CERT
Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with…
AI, Copilot, GitHub, Global Security News
GitHub Copilot introduces new limits, charges for ‘premium’ AI models
GitHub Copilot, Microsoft-owned GitHub’s AI coding assistant, could soon become costlier for some users. On Friday, GitHub announced “premium requests” for GitHub Copilot, a new system that imposes rate limits when users switch to AI models other than the base model for tasks such as “agentic” coding and multi-file edits. While GitHub Copilot subscribers can…
CryptoCurrency, Cybercrime, Cybersecurity, GitHub, Global Security News, Lazarus Group, malware, North Korea, npm, Research, Socket, software security, Threats
Lazarus Group deceives developers with 6 new malicious npm packages
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data…
Cybersecurity, Exclusive, generative ai, GitHub, Global IT News, Global Security News, microsoft copilot, Security
Thousands of exposed GitHub repos, now private, can still be accessed through Copilot
Data exposed even briefly can live on in generative AI chatbots long after the data is made private. © 2024 TechCrunch. All rights reserved. For personal use only.
AI, Copilot, Enterprise, GitHub, Global IT News, Global Security News, Microsoft, TC
GitHub Copilot brings mockups to life by generating code from images
GitHub has announced a slew of updates for Copilot, while also giving a glimpse into a more agentic future for its AI-powered pair programmer. Among the notable updates includes a feature called Vision for Copilot, which allows users to attach a screenshot, photo, or diagram to a chat, with Copilot generating the interface, code, and…
citrix, git, GitHub, Global Security News, Microsoft, microsoft powerpoint, microsoft visual studio, microsoft windows, Patch Tuesday, Security, Software, vulnerabilities
Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks
Microsoft’s monthly patches cover Hyper-V NT Kernel Integration VSPs, Git in Visual Studio, and more.
GitHub, Global IT News, Global Security News, Google, Meta, openai, Social, TechCrunch Week in Review, Week in Review
OpenAI announces new o3 model — but you can’t use it yet
Welcome back to Week in Review. This week, we’re looking at OpenAI’s last — and biggest — announcement from its “12 Days of OpenAI” event; Apple’s potential entrance into the foldable market; and why Databricks is choosing to wait to go public. Let’s get into it. P.S. We’re off for the holidays! Week in Review…
AI, Copilot, Enterprise, free, GitHub, GitHub Copilot, Global IT News, Global Security News, TC
GitHub launches a free version of its Copilot
Microsoft-owned GitHub today announced a free version of its popular Copilot code completion/AI pair programming tool, which will also now ship by default with Microsoft’s popular VS Code editor. Until now, most developers had to pay a monthly fee, starting at $10 per month, with only verified students, teachers, and open source maintainers getting free…