GetChain News

Regulation/Compliance

News linked to both this project and an event.

OpenAI Releases Frontier Governance Framework

OpenAI has released the Frontier Governance Framework, systematically elaborating on how its AI safety and governance practices align with emerging regulatory requirements such as the California Frontier AI Transparency Act and the EU's General-Purpose AI Code of Conduct. Based on OpenAI's existing Preparedness Framework, this framework focuses on areas including cyberattacks, CBRN risks, harmful manipulation, loss of control risks, model reporting, security incident response, and external expert review. It also states that it will be continuously updated as model capabilities and the regulatory environment evolve.

GitHub Updates Security Incident Investigation: Employee Compromised by Malicious VS Code Plugin, Approximately 3,800 Internal Repositories Stolen

GitHub posted on the X platform, sharing more investigation details regarding the unauthorized access incident to its internal repositories. Yesterday, GitHub detected and contained an attack on an employee's device involving a malicious VS Code plugin. GitHub has removed the malicious plugin version, isolated the endpoint, and immediately initiated an incident response. Current assessment indicates that this activity only involved the theft of GitHub's internal repositories. The attackers' claim of approximately 3,800 repositories aligns with GitHub's investigation direction so far. GitHub has taken swift action to mitigate risks, rotating critical keys yesterday and overnight, and prioritizing the most impactful credentials. GitHub will continue analyzing logs, verifying key rotations, and monitoring subsequent activities. A more comprehensive report will be released upon completion of the investigation.

CZ: Reminder to Check and Replace API Keys in Code

CZ posted on the X platform, stating that if there are API keys in your code, even if it's a private repository, now is the time to re-check and replace them. GitHub is currently investigating unauthorized access to its internal repositories. Although there is currently no evidence of an impact on customer information stored outside of GitHub’s internal repositories (such as customer enterprises, organizations, and repositories), it is closely monitoring subsequent activity related to the infrastructure.

Grafana Discloses GitHub Environment Security Incident: Hackers Stole Code Repositories and Launched Ransomware Attack

Open-source data visualization tool Grafana announced on X that it recently discovered an unauthorized attacker had obtained a token granting access to Grafana Labs’ GitHub environment and used it to download code repositories. An investigation confirmed that no customer data or personal information was compromised, and no impact was found on customer systems or business operations. Forensic analysis was initiated immediately following the incident, and the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protections. Additionally, Grafana disclosed that the attacker attempted to extort payment via ransomware to prevent public disclosure of the code repositories; however, the company ultimately decided not to pay the ransom. More details from the post-incident review will be shared after the investigation concludes.

Leader of the UK Reform Party faces ethics review over $6.7 million gift from Tether investor

The UK Parliamentary Commissioner for Standards is investigating MP Nigel Farage, leader of the Reform UK party, for allegedly failing to declare a £5 million (approximately $6.7 million) personal gift from Christopher Harborne, an investor in Tether. Christopher Harborne holds a 12% stake in Tether. Nigel Farage stated that the gift was received in 2024 before he announced his candidacy and was used for personal security, and that he was therefore not obligated to declare it. According to the UK House of Commons Code of Conduct, new MPs must register interests received in the 12 months prior to their election. If found in violation, Nigel Farage could face penalties such as an apology, suspension, or expulsion from Parliament. (Decrypt)

Hackers Inject Malicious Code into Mistral AI Software Package

According to Decrypt, Microsoft’s Threat Intelligence team disclosed that attackers had injected malicious code into Mistral AI packages distributed via the PyPI platform. This malicious code automatically executes when developers use the packages on Linux systems, downloading and running a malicious file named transformers.pyz in the background—the filename deliberately mimics the widely used Hugging Face Transformers library to evade detection. Microsoft noted that the malware primarily steals developers’ login credentials and access tokens. It avoids execution on Russian-language systems and includes logic that can randomly delete files on devices located in Israel or Iran. This attack is linked to the “Shai-Hulud” supply-chain campaign launched in September. In response, Mistral stated that its investigation found the attack originated from compromised developer devices, and its corporate infrastructure was not breached.

Russian State Duma Approves Criminal Liability Bill for Illegal Mining

Odaily: The State Duma Committee on State Building and Legislation has recommended the first reading of a government bill imposing criminal liability for the illegal mining of cryptocurrencies. The bill adds a new Article 171.6 to the Criminal Code of the Russian Federation, holding individuals accountable for mining activities not included in the state register, as well as for providing mining infrastructure operation services without a license. If the illegal income or damages exceed 3.5 million rubles, the penalty could be a fine of up to 1.5 million rubles or up to two years of compulsory labor. If committed by an organized group or if the income exceeds 13 million rubles, the maximum fine rises to 2.5 million rubles, with a potential prison term of up to five years. In all violation cases, the mined cryptocurrencies will be confiscated. Currently, approximately 50,000 entities are engaged in mining in Russia, but only 1,489 are registered in the state register.

Bitget Wallet Launches May Day QR Code Payment Campaign with Cashback up to 1,000 RLUSD per Transaction

Bitget Wallet has launched a Labor Day QR code payment campaign, running from April 28 to May 7, further driving the adoption of stablecoin payments in everyday consumption and travel scenarios across the Asia-Pacific (APAC) region. During the campaign, users who complete offline QR code payments using USDT or USDC will receive RLUSD cashback for each transaction. From May 1 to May 7, Bitget Wallet will randomly select one paying user per day to receive an additional 1,000 RLUSD cashback. To lower the barrier to first-time usage, Bitget Wallet will also airdrop XRP to eligible participants—serving as the account reserve required to activate RLUSD withdrawals. RLUSD is a compliant U.S. dollar-pegged stablecoin issued by Ripple and regulated by the New York State Department of Financial Services (NYDFS). This campaign marks Bitget Wallet’s first real-world consumer application following its integration of the XRP Ledger (XRPL) mainnet and onboarding of the RLUSD payment ecosystem at the end of March—and represents a key milestone in advancing Bitget Wallet’s Everyday Finance strategy.

Coin Center: Code Should Be Protected by the First Amendment, Developers Should Not Be Held Liable for Its Use

Odaily News: Coin Center released a report stating that cryptocurrency software code constitutes "functional speech" and should be protected under the First Amendment of the U.S. Constitution. The organization argues that writing and publishing code is akin to writing a book or publishing a recipe; developers are "expressers and inventors," not custodians of assets or intermediaries. The report points out that the mere act of publishing and maintaining software should be strictly protected. However, when developers directly control user assets, execute transactions on behalf of users, or make decisions for users, they may enter a realm subject to regulation. This statement comes at a time of increasing regulatory controversy. Coin Center emphasized that developers should not be treated as financial intermediaries for the convenience of law enforcement. It calls for upholding existing free speech principles in the context of new technologies, rather than expanding the boundaries of criminal liability. (Cointelegraph)