AI coding agents are reshaping software development—but they’re also expanding the attack surface. Researchers uncovered a now-patched vulnerability in Anthropic’s Claude Code GitHub Action that could have enabled prompt injection attacks to expose CI/CD secrets, API keys, and credentials. As AI agents gain autonomy in development workflows, organizations must treat untrusted inputs as hostile and rethink CI/CD security models. Natural language is becoming executable code—and attackers know it.
Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages
The threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad actors can create their own variants. GitHub reportedly took down the repository shortly after it appeared, but the damage was already done, with […]
Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable
A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, according to researchers with cybersecurity firm Tenable. In an advisory issued April 21, Rémy Marot, staff research engineer at Tenable, wrote that “by […]
Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM
The supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and LiteLLM being the latest victims of the sophisticated campaign. The threat group behind it, TeamPCP, is using the attacks to create persistence and […]
Anthropic Adds Automated Security Reviews to Claude Code
Anthropic pulls security into the inner dev loop with new Claude Code tools that scan for vulnerabilities in the terminal and on every pull request—before insecure code ever ships.
Best of 2025: GitHub Action Compromise Risks Data Leaks for 23,000 Repositories
The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories.
DevOps Workflow: The Key Elements and Tools Involved
What does a modern DevOps workflow look like? Click to learn about the essential elements, tools, and practices involved in the effective work process.
How Engineers are Automating More with Less: Trends in DevOps Tooling
DevOps automation is shifting from complex, monolithic pipelines to lean, modular, AI-enhanced workflows—driving efficiency, cost savings, and better developer experience.
Free Tiers and Open Source LLMs – Mana for Developers, Platform Engineers and QA
Development rarely follows one straight path. You sketch ideas, prototype, test, swap tools, iterate, and repeat. The increasing availability of free, limited-use AI tiers and locally run open-source AI LLMs is accelerating that loop. These tiers are not marketing fluff. They are practical on-ramps for developers and engineers. They offer the freedom to test, compare, […]
CI/CD Pipelines for Large Teams: How to Keep Velocity Without Breaking the Build
Continuous integration (CI) and continuous delivery (CD) are essential for modern software teams, as there is now a need for fast feature delivery and high-velocity improvements. However, achieving high speed may be difficult without compromising reliability, as the process involves coordinating among development teams working on different features of the same application simultaneously, product complexity […]