Composer 2.9.8 and 2.2.28 fix GitHub Actions token disclosure in error messages

Please immediately update Composer to version 2.9.8 or 2.2.28 (LTS) by running composer.phar self-update. The new releases fix a vulnerability where Composer leaks the full contents of GitHub Actions-issued GITHUB_TOKENs or GitHub App installation tokens to the GitHub Actions logs. GitHub introduced a

Private Packagist

Pi's control layer is now the question. A May 9 research packet documents 2,369 catalog entries, provider routing, and package-trust issues that matter beyond personal use. Who owns the harness? What can change the agent? Teams considering deployment need answers before trusting it.

#AIagents #softwaresecurity #opendev

https://www.implicator.ai/pi-the-coding-agent-behind-the-harness-engineering-hype-explained/

Pi Turns Coding Agents Into Harness Infrastructure

Pi's core stays small while its package catalog grows. The May 9 research packet turns the tool from a Claude Code comparison into a question about who owns the agent harness, the provider route and the trust boundary.

Implicator.ai
The rise of autonomous, agentic coding tools like Claude Code is transforming software development, with rapid adoption and significant market share. Yet, security, technical debt, and productivity challenges highlight the need for mature governance and organisational adaptation.
Discover more at https://dev.to/rawveg/the-agentic-coding-revolution-4g6o
#HumanInTheLoop #AIinCoding #SoftwareSecurity #AIInnovation
The Agentic Coding Revolution

In December 2025, Anthropic announced that Claude Code had reached one billion dollars in annualised...

DEV Community

NHS England withdraws public software over AI hacking fears
NHS England has temporarily withdrawn its public software repositories over concerns about AI-driven hacking and has instructed that internally developed software be removed from public platforms. This is a shift from its existing open-source policy: all source code repositories are to be made private by default, with publication allowed only in exceptional cases. Staff must comply with the directive by 11 May; the move is a pre-emptive response to the possibility that AI tools could exploit system vulnerabilities.

https://www.computing.co.uk/news/2026/security/nhs-england-withdraws-public-software-over-hacking-fears

#nhsengland #aisecurity #opensource #softwaresecurity #cybersecurity

NHS England withdraws public software over AI hacking fears

NHS England is moving to take down publicly accessible software repositories, citing concerns that emerging AI tools such as Mythos could be used to uncover ...

The Cyberagentur has published the call for tenders for 3S. It is looking for approaches that make software security traceable, measurable and comparable. Instead of mere seals of approval, everyday digital life needs robust assessments.
Applications until 15.06.2026. https://t1p.de/5q5gg
#Cyberagentur #Cybersicherheit #SoftwareSecurity #3S #Ausschreibung
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/no-more-blind-trust-in-software
No more blind faith in software - Cyberagentur

3S aims to make software security comprehensible, measurable and comparable for end users. The Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) published the call for proposals for the “Software Security Score (3S)” research program on 28 April 2026. The aim of the program is to make software security traceable, measurable and comparable. A virtual […]

Cyberagentur
3S has launched: The Cyberagentur is seeking approaches that make software security measurable and comparable. Applications due by June 11, 2026. [Link to e-procurement]
https://t1p.de/m85ce
#3S #Cybersecurity #SoftwareSecurity
https://nachrichten.idw-online.de/2026/05/04/schluss-mit-blindem-softwarevertrauen
No more blind faith in software - Cyberagentur

3S aims to make software security comprehensible, measurable and comparable for end users. The Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) published the call for proposals for the “Software Security Score (3S)” research program on 28 April 2026. The aim of the program is to make software security traceable, measurable and comparable. A virtual […]

Cyberagentur

Security Tip: Your security is only as strong as your deepest dependency. 🛡️

While auditing direct libraries is standard, transitive dependencies (libraries your dependencies rely on) are often overlooked. Regularly generate dependency trees to visualize these hidden layers and identify vulnerable sub-components.

Stay ahead of emerging threats at https://cvedatabase.com

#InfoSec #CyberSecurity #AppSec #SoftwareSecurity #CVE

CVEDatabase.com - Search & Analyze CVE Vulnerabilities

Search and analyze CVE vulnerabilities with instant access to CVSS scores, affected products, and AI-powered remediation guidance.

CVEDatabase.com
SAP under fire: supply chain attack on npm packages! Yesterday, 29 April 2026, a targeted supply-chain attack, internally dubbed "Mini Shai-Hulud", hit the SAP development landscape. Attackers injected malicious versions of these packages, presumably via a compromised developer account. This incident shows once again that software supply chains are critical attack surfaces. #Cybersecurity #SupplyChain #SAP #npm #SoftwareSecurity #Cybercrime

Warning: CVE-2025-40739 (CWEs: ['CWE-125']) found no CAPEC relationships.
Warning: CVE-2025-40741 (CWEs: ['CWE-121']) found no CAPEC relationships.

#SoftwareSecurity #MemorySafety #CWE #ADBE
2/2