The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, ...
Bleeping Computer

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub ...
GitHub

Remove GitHub Copilot fetch tool "Always Allow" permission.

I was not given this option. Now GitHub Copilot automatically fetches items, and even worse, if multiple items are fetched, no indication is given of what URLs were fetched, as I explained in #265850.
GitHub

fetch server reproducible bug

Enable the fetch server with Claude Desktop. I have the Pro subscription. Give it this URL, it'll pull a dozen articles I wrote and summarize them. I manually counted and I see 31 articles under this ...