Supply chain worm with its own MCP server spreads via GitHub

A new malware is circulating in the npm ecosystem, stealing credentials and CI secrets and spreading autonomously.
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
OSTechNix

Gentoo Linux Migrates Mirror Infrastructure to Codeberg

Gentoo Linux is migrating its mirrors from GitHub to Codeberg to avoid forced Copilot usage. Learn how to use the new AGit workflow.

Too much Copilot: Gentoo switches from GitHub to Codeberg

The operators of Gentoo Linux have opened a presence on Codeberg, a platform competing with GitHub. They cite GitHub Copilot as the reason.