GetChain News

Security/Hacker

News linked to both this project and an event.

CertiK: Crypto platform attack losses fell to $68.3 million in May, down nearly 90% month-over-month

CertiK data shows attack losses on crypto platforms fell to $68.3 million in May, down nearly 90% from $650 million in April. May became the third month in 2026 with losses below $100 million. Approximately $2.6 million of this came from phishing attacks, and about $9.4 million of the stolen funds have been recovered or returned. The largest single loss in May came from the Verus Protocol cross-chain bridge attack, with $11.5 million stolen; THORChain ranked second, with $10.1 million stolen. Code vulnerabilities were the attack type with the highest losses, totaling approximately $45 million, accounting for 66%; wallet or private key leaks resulted in $13.7 million in losses. Cross-chain bridges were the primary attack targets, suffering losses of $28.6 million, accounting for 42%.

OpenAI Releases Frontier Governance Framework

OpenAI has released the Frontier Governance Framework, systematically elaborating on how its AI safety and governance practices align with emerging regulatory requirements such as the California Frontier AI Transparency Act and the EU's General-Purpose AI Code of Conduct. Based on OpenAI's existing Preparedness Framework, this framework focuses on areas including cyberattacks, CBRN risks, harmful manipulation, loss of control risks, model reporting, security incident response, and external expert review. It also states that it will be continuously updated as model capabilities and the regulatory environment evolve.

GitHub Updates Security Incident Investigation: Employee Compromised by Malicious VS Code Plugin, Approximately 3,800 Internal Repositories Stolen

GitHub posted on the X platform, sharing more investigation details regarding the unauthorized access incident to its internal repositories. Yesterday, GitHub detected and contained an attack on an employee's device involving a malicious VS Code plugin. GitHub has removed the malicious plugin version, isolated the endpoint, and immediately initiated an incident response. Current assessment indicates that this activity only involved the theft of GitHub's internal repositories. The attackers' claim of approximately 3,800 repositories aligns with GitHub's investigation direction so far. GitHub has taken swift action to mitigate risks, rotating critical keys yesterday and overnight, and prioritizing the most impactful credentials. GitHub will continue analyzing logs, verifying key rotations, and monitoring subsequent activities. A more comprehensive report will be released upon completion of the investigation.

Grafana Discloses GitHub Environment Security Incident: Hackers Stole Code Repositories and Launched Ransomware Attack

Open-source data visualization tool Grafana announced on X that it recently discovered an unauthorized attacker had obtained a token granting access to Grafana Labs’ GitHub environment and used it to download code repositories. An investigation confirmed that no customer data or personal information was compromised, and no impact was found on customer systems or business operations. Forensic analysis was initiated immediately following the incident, and the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protections. Additionally, Grafana disclosed that the attacker attempted to extort payment via ransomware to prevent public disclosure of the code repositories; however, the company ultimately decided not to pay the ransom. More details from the post-incident review will be shared after the investigation concludes.

Hackers Inject Malicious Code into Mistral AI Software Package

According to Decrypt, Microsoft’s Threat Intelligence team disclosed that attackers had injected malicious code into Mistral AI packages distributed via the PyPI platform. This malicious code automatically executes when developers use the packages on Linux systems, downloading and running a malicious file named transformers.pyz in the background. The filename deliberately mimics the widely used Hugging Face Transformers library to evade detection. Microsoft noted that the malware primarily steals developers’ login credentials and access tokens. It avoids execution on Russian-language systems and includes logic that can randomly delete files on devices located in Israel or Iran. This attack is linked to the “Shai-Hulud” supply-chain campaign launched in September. In response, Mistral stated that its investigation found the attack originated from compromised developer devices, and its corporate infrastructure was not breached.

Coinbase internal tool Mux reveals AI coding paradigm shift: Engineers transition from "code writers" to "multi-agent orchestrators"

Coinbase, a cryptocurrency trading platform, has disclosed in a technical sharing session that its internal multi-agent development tool "Mux" is reshaping software engineering workflows, transitioning the engineer's role from traditional code implementers to task orchestrators for AI agents. With the widespread internal adoption of AI programming tools such as Cursor, Copilot, OpenCode, and Claude Code, code generation efficiency has significantly improved. However, development workflows have long remained stuck in a traditional "single-task, single-branch, sequential execution" mode, creating a new collaboration bottleneck. Mux was born as an internal tool against this backdrop. By assigning each AI agent an independent git worktree, branch, and terminal environment, the system enables parallel multi-task development and conflict-free collaboration, allowing engineers to simultaneously direct multiple agents to handle tasks such as API development, test writing, vulnerability fixes, and code refactoring. Data shows that as of April 2026, Mux has covered over 600 users within Coinbase (including engineers, product managers, and designers), with 335 actively using it and 197 being high-frequency users. It has facilitated over 5,000 PR merges across 461 code repositories and 10 organizations. Engineers using Mux achieved an average of 39.6 PR merges, approximately 3.5 times the baseline of 11.4. Coinbase stated that Mux's success relies on its internal infrastructure capabilities, including an LLM Gateway, secure model access, and a code flow deployment system, enabling deep integration of multi-agent tools into real development workflows. This trend marks a structural shift in the software engineering paradigm: as AI reduces the cost of code generation, the core value of engineers is transitioning from "implementation capability" to "problem definition and agent orchestration capability."

Bybit Discloses macOS Malware Campaign Targeting Searches for Claude Code

Bybit’s Security Operations Center has identified a multi-stage malware campaign targeting macOS users of Claude Code, an AI-powered search and development tool. Attackers used search engine optimization (SEO) poisoning to push malicious domains to the top of Google search results, luring users to counterfeit installation pages. Once installed, the malware steals browser credentials, macOS Keychain data, Telegram sessions, VPN configurations, and cryptocurrency wallet information. Bybit stated that the malware can also establish persistent access via backdoor functionality and attempts to target over 250 browser wallet extensions and multiple desktop wallet applications. This malicious infrastructure was identified on March 12, and related analysis, mitigation, and detection measures were completed the same day.