News Heat Trend
Project Overview
Code is a crypto payments organization has built an app to take on one of the internet's oldest dreams: micropayments, the ability to spend tiny amounts of value for digital goods (like access to blog posts, live streams or digital art). Code builds upon the kin (KIN) cryptocurrency.
OpenAI Releases Frontier Governance Framework
OpenAI has released the Frontier Governance Framework, systematically elaborating on how its AI safety and governance practices align with emerging regulatory requirements such as the California Frontier AI Transparency Act and the EU's General-Purpose AI Code of Conduct. Based on OpenAI's existing Preparedness Framework, this framework focuses on areas including cyberattacks, CBRN risks, harmful manipulation, loss of control risks, model reporting, security incident response, and external expert review. It also states that it will be continuously updated as model capabilities and the regulatory environment evolve.
GitHub Updates Security Incident Investigation: Employee Compromised by Malicious VS Code Plugin, Approximately 3,800 Internal Repositories Stolen
GitHub posted on X platform, sharing more investigation details regarding the unauthorized access incident to its internal repositories. Yesterday, GitHub detected and contained an attack on an employee's device involving a malicious VS Code plugin. GitHub has removed the malicious plugin version, isolated the endpoint, and immediately initiated an incident response.Current assessment indicates that this activity only involved the theft of GitHub's internal repositories. The attackers' claim of approximately 3,800 repositories aligns with GitHub's investigation direction so far. GitHub has taken swift action to mitigate risks, rotating critical keys yesterday and overnight, and prioritizing the most impactful credentials. GitHub will continue analyzing logs, verifying key rotations, and monitoring subsequent activities. A more comprehensive report will be released upon completion of the investigation.
CZ: Reminder to Check and Replace API Keys in Code
CZ posted on the X platform, stating that if there are API keys in your code, even if it's a private repository, now is the time to re-check and replace them.GitHub is currently investigating unauthorized access to its internal repositories. Although there is currently no evidence of an impact on customer information stored outside of GitHub’s internal repositories (such as customer enterprises, organizations, and repositories), it is closely monitoring subsequent activity related to the infrastructure.
Grafana Discloses GitHub Environment Security Incident: Hackers Stole Code Repositories and Launched Ransomware Attack
Open-source data visualization tool Grafana announced on X that it recently discovered an unauthorized attacker had obtained a token granting access to Grafana Labs’ GitHub environment and used it to download code repositories. An investigation confirmed that no customer data or personal information was compromised, and no impact was found on customer systems or business operations. Forensic analysis was initiated immediately following the incident, and the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protections. Additionally, Grafana disclosed that the attacker attempted to extort payment via ransomware to prevent public disclosure of the code repositories; however, the company ultimately decided not to pay the ransom. More details from the post-incident review will be shared after the investigation concludes.
Leader of the UK Reform Party faces ethics review over $6.7 million gift from Tether investor
the UK Parliamentary Commissioner for Standards is investigating MP Nigel Farage, leader of the Reform UK party, for allegedly failing to declare a £5 million (approximately $6.7 million) personal gift from Christopher Harborne, an investor in Tether.Christopher Harborne holds a 12% stake in Tether. Nigel Farage stated that the gift was received in 2024 before he announced his candidacy, and was used for personal security, therefore he was not obligated to declare it. According to the UK House of Commons Code of Conduct, new MPs must register interests received in the 12 months prior to their election. If found in violation, Nigel Farage could face penalties such as an apology, suspension, or expulsion from Parliament. (Decrypt)
Hackers Inject Malicious Code into Mistral AI Software Package
According to Decrypt, Microsoft’s Threat Intelligence team disclosed that attackers had injected malicious code into Mistral AI packages distributed via the PyPI platform. This malicious code automatically executes when developers use the packages on Linux systems, downloading and running a malicious file named <code>transformers.pyz</code> in the background—the filename deliberately mimics the widely used Hugging Face Transformers library to evade detection. Microsoft noted that the malware primarily steals developers’ login credentials and access tokens. It avoids execution on Russian-language systems and includes logic that can randomly delete files on devices located in Israel or Iran. This attack is linked to the “Shai-Hulud” supply-chain campaign launched in September. In response, Mistral stated that its investigation found the attack originated from compromised developer devices, and its corporate infrastructure was not breached.
Bitget Launches New User Futures Campaign with Up to $656 USDT Rewards per User
Bitget Launches the “Code 0511” New User Campaign, Running from May 11 to May 18. During the campaign period, users who complete KYC verification will receive 1–5 USDT; those who complete their first deposit and futures trading task—each totaling at least 100 USDT—will receive an additional 10 USDT. Moreover, new users whose futures trading volume reaches specified thresholds can claim further rewards, with a maximum cumulative reward of 641 USDT. Full campaign rules are published on the official Bitget platform. Eligible users must click the “Join Now” button to register before participating.
Bitget Wallet Launches May Day QR Code Payment Campaign with Cashback up to 1,000 RLUSD per Transaction
Bitget Wallet has launched a Labor Day QR code payment campaign, running from April 28 to May 7, further driving the adoption of stablecoin payments in everyday consumption and travel scenarios across the Asia-Pacific (APAC) region. During the campaign, users who complete offline QR code payments using USDT or USDC will receive RLUSD cashback for each transaction. From May 1 to May 7, Bitget Wallet will randomly select one paying user per day to receive an additional 1,000 RLUSD cashback. To lower the barrier to first-time usage, Bitget Wallet will also airdrop XRP to eligible participants—serving as the account reserve required to activate RLUSD withdrawals. RLUSD is a compliant U.S. dollar-pegged stablecoin issued by Ripple and regulated by the New York State Department of Financial Services (NYDFS). This campaign marks Bitget Wallet’s first real-world consumer application following its integration of the XRP Ledger (XRPL) mainnet and onboarding of the RLUSD payment ecosystem at the end of March—and represents a key milestone in advancing Bitget Wallet’s Everyday Finance strategy.
Binance Launches QR Code Payments in Bolivia, Supporting 100 Cryptocurrencies Including USDT and BTC
Binance has announced support for users to make payments at all merchants in Bolivia using Binance QR codes. Over 100 cryptocurrencies—including USDT and BTC—are supported. Users simply confirm transactions via the app, and Binance automatically converts their funds into the local currency at the time of payment. Binance stated that the QR code payment service is available exclusively to Binance users whose identity verification location is in Bolivia, and users must hold cryptocurrency in their Binance account (Binance Spot, Deposit, or Earn).
CertiK: Crypto platform attack losses fell to $68.3 million in May, down nearly 90% month-over-month
CertiK data shows attack losses on crypto platforms fell to $68.3 million in May, down nearly 90% from $650 million in April. May became the third month in 2026 with losses below $100 million. Approximately $2.6 million of this came from phishing attacks, and about $9.4 million of the stolen funds have been recovered or returned. The largest single loss in May came from the Verus Protocol cross-chain bridge attack, with $11.5 million stolen; THORChain ranked second, with $10.1 million stolen. Code vulnerabilities were the attack type with the highest losses, totaling approximately $45 million, accounting for 66%; wallet or private key leaks resulted in $13.7 million in losses. Cross-chain bridges were the primary attack targets, suffering losses of $28.6 million, accounting for 42%.
OpenAI Releases Frontier Governance Framework
OpenAI has released the Frontier Governance Framework, systematically elaborating on how its AI safety and governance practices align with emerging regulatory requirements such as the California Frontier AI Transparency Act and the EU's General-Purpose AI Code of Conduct. Based on OpenAI's existing Preparedness Framework, this framework focuses on areas including cyberattacks, CBRN risks, harmful manipulation, loss of control risks, model reporting, security incident response, and external expert review. It also states that it will be continuously updated as model capabilities and the regulatory environment evolve.
GitHub Updates Security Incident Investigation: Employee Compromised by Malicious VS Code Plugin, Approximately 3,800 Internal Repositories Stolen
GitHub posted on X platform, sharing more investigation details regarding the unauthorized access incident to its internal repositories. Yesterday, GitHub detected and contained an attack on an employee's device involving a malicious VS Code plugin. GitHub has removed the malicious plugin version, isolated the endpoint, and immediately initiated an incident response.Current assessment indicates that this activity only involved the theft of GitHub's internal repositories. The attackers' claim of approximately 3,800 repositories aligns with GitHub's investigation direction so far. GitHub has taken swift action to mitigate risks, rotating critical keys yesterday and overnight, and prioritizing the most impactful credentials. GitHub will continue analyzing logs, verifying key rotations, and monitoring subsequent activities. A more comprehensive report will be released upon completion of the investigation.
Grafana Discloses GitHub Environment Security Incident: Hackers Stole Code Repositories and Launched Ransomware Attack
Open-source data visualization tool Grafana announced on X that it recently discovered an unauthorized attacker had obtained a token granting access to Grafana Labs’ GitHub environment and used it to download code repositories. An investigation confirmed that no customer data or personal information was compromised, and no impact was found on customer systems or business operations. Forensic analysis was initiated immediately following the incident, and the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protections. Additionally, Grafana disclosed that the attacker attempted to extort payment via ransomware to prevent public disclosure of the code repositories; however, the company ultimately decided not to pay the ransom. More details from the post-incident review will be shared after the investigation concludes.
Hackers Inject Malicious Code into Mistral AI Software Package
According to Decrypt, Microsoft’s Threat Intelligence team disclosed that attackers had injected malicious code into Mistral AI packages distributed via the PyPI platform. This malicious code automatically executes when developers use the packages on Linux systems, downloading and running a malicious file named <code>transformers.pyz</code> in the background—the filename deliberately mimics the widely used Hugging Face Transformers library to evade detection. Microsoft noted that the malware primarily steals developers’ login credentials and access tokens. It avoids execution on Russian-language systems and includes logic that can randomly delete files on devices located in Israel or Iran. This attack is linked to the “Shai-Hulud” supply-chain campaign launched in September. In response, Mistral stated that its investigation found the attack originated from compromised developer devices, and its corporate infrastructure was not breached.
Coinbase internal tool Mux reveals AI coding paradigm shift: Engineers transition from "code writers" to "multi-agent orchestrators"
Coinbase, a cryptocurrency trading platform, has disclosed in a technical sharing session that its internal multi-agent development tool "Mux" is reshaping software engineering workflows, transitioning the engineer's role from traditional code implementers to task orchestrators for AI agents.With the widespread internal adoption of AI programming tools such as Cursor, Copilot, OpenCode, and Claude Code, code generation efficiency has significantly improved. However, development workflows have long remained stuck in a traditional "single-task, single-branch, sequential execution" mode, creating a new collaboration bottleneck.Mux was born as an internal tool against this backdrop. By assigning each AI agent an independent git worktree, branch, and terminal environment, the system enables parallel multi-task development and conflict-free collaboration, allowing engineers to simultaneously direct multiple agents to handle tasks such as API development, test writing, vulnerability fixes, and code refactoring.Data shows that as of April 2026, Mux has covered over 600 users within Coinbase (including engineers, product managers, and designers), with 335 actively using it and 197 being high-frequency users. It has facilitated over 5,000 PR merges across 461 code repositories and 10 organizations. Engineers using Mux achieved an average of 39.6 PR merges, approximately 3.5 times the baseline of 11.4.Coinbase stated that Mux's success relies on its internal infrastructure capabilities, including an LLM Gateway, secure model access, and a code flow deployment system, enabling deep integration of multi-agent tools into real development workflows. This trend marks a structural shift in the software engineering paradigm: as AI reduces the cost of code generation, the core value of engineers is transitioning from "implementation capability" to "problem definition and agent orchestration capability."
OpenAI will advance the development of AI content provenance standards and support the EU’s transparency guidelines for AI-generated content.
OpenAI has officially announced its commitment to advancing the development of AI content provenance verification standards and supporting the European Commission’s “Code of Practice on Transparency of AI-Generated Content,” thereby enhancing traceability and transparency of AI-generated content. According to reports, since 2024, OpenAI has integrated C2PA metadata into its DALL·E 3 image generation tool to identify the origin of AI-generated content. Since then, OpenAI has continuously refined its content labeling and detection technologies and launched public verification tools to help users determine whether an image contains provenance signals associated with OpenAI-generated content.
OpenAI Releases Frontier Governance Framework
OpenAI has released the Frontier Governance Framework, systematically elaborating on how its AI safety and governance practices align with emerging regulatory requirements such as the California Frontier AI Transparency Act and the EU's General-Purpose AI Code of Conduct. Based on OpenAI's existing Preparedness Framework, this framework focuses on areas including cyberattacks, CBRN risks, harmful manipulation, loss of control risks, model reporting, security incident response, and external expert review. It also states that it will be continuously updated as model capabilities and the regulatory environment evolve.
Senator Lummis: If Clarity Act Not Passed This Congress, US Software Developers Will Again Face Lawsuits for Releasing Code
Odaily Planet Daily reported that Bitcoin News posted on X platform, stating that Senator Lummis said that if the Clarity Act is not passed during this Congress, US software developers will again become targets of lawsuits in the near future simply for releasing code. That's what's at stake.
Bitget Wallet QR Code Payment Expands to Three Latin American Countries, Including Argentina, Colombia, and Bolivia
Bitget Wallet has announced the expansion of its QR code payment service to Latin American markets, including Argentina, Colombia, and Bolivia. As a result, Bitget Wallet's QR code payment capability now covers key markets in both the Asia-Pacific and Latin America, accelerating the global expansion of its Everyday Finance strategy.This expansion follows Bitget Wallet's integration route with Brazil's Pix, and now connects to three local payment networks: Transferencias 3.0 (Argentina), Bre-B (Colombia), and QR Simple (Bolivia). Users can directly use USDC or USDT for QR code payments within the wallet without needing to exchange currencies in advance.
GitHub Updates Security Incident Investigation: Employee Compromised by Malicious VS Code Plugin, Approximately 3,800 Internal Repositories Stolen
GitHub posted on X platform, sharing more investigation details regarding the unauthorized access incident to its internal repositories. Yesterday, GitHub detected and contained an attack on an employee's device involving a malicious VS Code plugin. GitHub has removed the malicious plugin version, isolated the endpoint, and immediately initiated an incident response.Current assessment indicates that this activity only involved the theft of GitHub's internal repositories. The attackers' claim of approximately 3,800 repositories aligns with GitHub's investigation direction so far. GitHub has taken swift action to mitigate risks, rotating critical keys yesterday and overnight, and prioritizing the most impactful credentials. GitHub will continue analyzing logs, verifying key rotations, and monitoring subsequent activities. A more comprehensive report will be released upon completion of the investigation.
Grafana Discloses GitHub Environment Security Incident: Hackers Stole Code Repositories and Launched Ransomware Attack
Open-source data visualization tool Grafana announced on X that it recently discovered an unauthorized attacker had obtained a token granting access to Grafana Labs’ GitHub environment and used it to download code repositories. An investigation confirmed that no customer data or personal information was compromised, and no impact was found on customer systems or business operations. Forensic analysis was initiated immediately following the incident, and the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protections. Additionally, Grafana disclosed that the attacker attempted to extort payment via ransomware to prevent public disclosure of the code repositories; however, the company ultimately decided not to pay the ransom. More details from the post-incident review will be shared after the investigation concludes.
Related news
OpenAI will advance the development of AI content provenance standards and support the EU’s transparency guidelines for AI-generated content.
OpenAI has officially announced its commitment to advancing the development of AI content provenance verification standards and supporting the European Commission’s “Code of Practice on Transparency of AI-Generated Content,” thereby enhancing traceability and transparency of AI-generated content. According to reports, since 2024, OpenAI has integrated C2PA metadata into its DALL·E 3 image generation tool to identify the origin of AI-generated content. Since then, OpenAI has continuously refined its content labeling and detection technologies and launched public verification tools to help users determine whether an image contains provenance signals associated with OpenAI-generated content.
Anthropic Warns of Risks from AI Self-Improvement: Claude Now Generates 80% of Company's Code
artificial intelligence company Anthropic has issued a warning about the significant risks posed by Recursive Self-Improvement (RSI). Last week, Anthropic announced that its AI model, Claude, is now capable of generating approximately 80% of the company's code. The company described this as a key signal that AI has entered a phase of "self-iteration"—where the model can design the next generation of AI systems without human intervention.The concept of recursive self-improvement has recently attracted widespread attention in Silicon Valley. Last month, OpenAI held a related conference in San Francisco, drawing multiple researchers to discuss both the potential and risks of AI self-iteration. Anthropic's statement emphasized that as AI capabilities rapidly improve, the urgent need for monitoring potentially uncontrollable behaviors and building safety mechanisms is becoming increasingly critical. (The Information)
Serenity: LeaderDrive holds over 60% of China's harmonic reducer market share, making it the most favored target in the humanoid robot track
"New Stock God" Serenity posted on X platform, stating that LeaderDrive (Stock Code: 688017, valued at 57.73 billion RMB) is its most favored listed target in China when laying out the humanoid robot track. The company's business covers harmonic reducers, humanoid robot rotary joint reducers, linear actuators, motors/joints, and other core components, and it is currently entering the field of planetary roller screws.It is reported that its harmonic reducers hold over 60% of the domestic market share, serving more than 1,800 global clients. Key customers include Universal Robots, UBTech, and Agibot, while Tesla, Figure, and the vast majority of other humanoid robot developers are its potential clients. According to rough estimates, the company's components account for 4% to 15% of the Bill of Materials (BOM) for each humanoid robot, a proportion that may further increase as it expands into more sub-segments.Serenity believes that such companies are difficult to model precisely in financial terms, and their prospects depend on the production scale of humanoid robots in the coming years. Therefore, the strategy is to take a directional long position on companies capable of capturing a significant share in each humanoid robot, rather than precise financial modeling. Serenity stated that China is a leader in scalable mass production within this field, and many Western players cannot reduce costs to LeaderDrive's level. As the world moves towards scaling physical AI, Serenity is extremely bullish on the robotics track.
CertiK: Crypto platform attack losses fell to $68.3 million in May, down nearly 90% month-over-month
CertiK data shows attack losses on crypto platforms fell to $68.3 million in May, down nearly 90% from $650 million in April. May became the third month in 2026 with losses below $100 million. Approximately $2.6 million of this came from phishing attacks, and about $9.4 million of the stolen funds have been recovered or returned. The largest single loss in May came from the Verus Protocol cross-chain bridge attack, with $11.5 million stolen; THORChain ranked second, with $10.1 million stolen. Code vulnerabilities were the attack type with the highest losses, totaling approximately $45 million, accounting for 66%; wallet or private key leaks resulted in $13.7 million in losses. Cross-chain bridges were the primary attack targets, suffering losses of $28.6 million, accounting for 42%.
OpenAI Releases Frontier Governance Framework
OpenAI has released the Frontier Governance Framework, systematically elaborating on how its AI safety and governance practices align with emerging regulatory requirements such as the California Frontier AI Transparency Act and the EU's General-Purpose AI Code of Conduct. Based on OpenAI's existing Preparedness Framework, this framework focuses on areas including cyberattacks, CBRN risks, harmful manipulation, loss of control risks, model reporting, security incident response, and external expert review. It also states that it will be continuously updated as model capabilities and the regulatory environment evolve.
AI programming startup Cognition completes over $1 billion in funding, valuation reaches $25 billion
: AI programming startup Cognition announced the completion of a new funding round of over $1 billion, with its pre-money valuation surging to $25 billion, doubling from the $10.2 billion post-money valuation achieved just 8 months ago.This funding round was led by Lux Capital and General Catalyst, with continued participation from Founders Fund and 8VC. New investors include Ribbit Capital, Atreides, and Layer Global.According to official data, the company's AI programmer product, Devin, has achieved a 50% month-over-month growth in enterprise user adoption over the past 6 months. The company's current Annual Recurring Revenue (ARR) has reached $492 million, with customers including major institutions such as Mercedes-Benz, NASA, Goldman Sachs, and Santander Bank.Facing competition from native AI coding tools such as Anthropic Claude Code, OpenAI Codex, and Google Jules, Cognition stated that Devin's continued growth and the acquisition of Windsurf assets demonstrate that independent AI programming agents still possess commercial viability.