Github

When the Claude Code source code leaked on March 31, 2026 via a poorly secured npm .map file, most attention focused on the embarrassment for Anthropic. Less discussed: the malware campaigns that were already being built on top of that leak within hours. As of today, threat actors are actively distributing Vidar infostealer malware and GhostSocks proxy through fake GitHub repositories designed to look like legitimate Claude Code forks. If you’ve been searching for Claude Code on GitHub in the last 48 hours, you may have encountered these repos. ...

The Claude Code source code leak of March 31, 2026 created an immediate security hazard: threat actors began distributing Vidar infostealer malware through convincing fake GitHub repositories within 24 hours. If you’ve cloned any Claude Code fork from an unofficial source since then, this guide is for you. This is a practical, step-by-step walkthrough for: Verifying whether you downloaded a legitimate or fake Claude Code repo What to do if you ran a malicious installer How to protect yourself going forward Step 1: Verify the Repository You Downloaded Check the GitHub organization The only legitimate Claude Code repository is under the official Anthropic GitHub organization: ...

When Anthropic’s Claude Code source code leaked, the developer community did what it always does: forked it, rewrote it, and published it faster than any legal team could react. Claw Code — a clean-room Python and Rust rewrite of Claude Code’s architecture built by developer Sigrid Jin — has accumulated 72,000 GitHub stars and 72,600 forks since its release, making it one of the fastest-growing open-source repositories in AI tooling history. The first 30,000 stars arrived within hours of publication. ...

A critical vulnerability in OpenAI Codex — silently patched in February 2026 — allowed attackers to steal GitHub OAuth tokens through command injection, potentially compromising entire enterprise organizations sharing code repositories. Full public disclosure arrived March 31, 2026, thanks to research from Phantom Labs. The Vulnerability Phantom Labs, an identity security firm, discovered that OpenAI Codex was vulnerable to command injection in its shell execution environment. An attacker who could influence the commands sent to Codex — through crafted prompts, malicious repository content, or injected tool responses — could exfiltrate the GitHub OAuth token that Codex uses to authenticate with repositories. ...

GhostClaw, the AI-assisted macOS infostealer first documented as a threat to npm package ecosystems, has expanded its reach. Jamf Threat Labs has confirmed that the malware family — also tracked as GhostLoader — is now targeting AI agent development workflows through malicious “skills” distributed via GitHub repositories. Critically, OpenClaw’s SKILL system has been identified as a confirmed abuse vector. This is not a theoretical supply chain risk. It’s an active, documented campaign that every developer working with AI agent frameworks — particularly those using OpenClaw or similar skill-based architectures — needs to know about. ...

When ByteDance quietly dropped DeerFlow 2.0 on February 27, 2026, the developer community noticed — fast. Within 24 hours, the repository had rocketed to #1 on GitHub Trending, a milestone confirmed directly in the project’s own README. With 25,000+ stars already accumulated and growing, DeerFlow 2.0 isn’t just a trending curiosity: it’s a serious, ground-up rewrite of one of the most ambitious open-source agentic frameworks to date. What Is DeerFlow 2.0? DeerFlow (Deep Exploration and Efficient Research Flow) is an open-source SuperAgent harness — meaning it’s not a single AI assistant but an orchestration layer that coordinates multiple specialized sub-agents, tools, memories, and sandboxes to handle complex, long-horizon tasks. ...

ByteDance open-sourced DeerFlow 2.0 on February 27, 2026 — a full SuperAgent harness rebuilt on LangGraph 1.0 that shipped with persistent memory, sandboxed execution, file system access, skills, and sub-agent support baked in. It hit GitHub Trending #1 within 24 hours and crossed 25,000+ stars in days. If you want to try a production-grade agent framework without building the plumbing yourself, DeerFlow 2.0 is one of the most complete starting points available right now. Here’s how to get it running locally. ...

GitHub shipped two meaningful updates to the Copilot coding agent on March 19, 2026 — both in a single day, both aimed at the same underlying problem: making agentic coding feel fast enough and transparent enough to trust in production workflows. Update 1: 50% Faster Startup The Copilot coding agent now starts work 50% faster than before. According to GitHub’s changelog, the improvement comes from optimizations in the environment setup phase — the part where the agent provisions its workspace before it can begin writing or modifying code. ...

GitHub’s engineering blog published a detailed technical deep dive today on Squad — an open-source project that brings coordinated, multi-agent AI coding directly into your repository, powered by GitHub Copilot. No custom orchestration layer. No external agent framework. Just agents working inside your codebase, on your infrastructure. The post walks through the design rationale, implementation details, testing approach, and code review workflow — making this one of the most thorough first-party explanations of production multi-agent coding to come from a major platform vendor. ...

Students using GitHub Copilot’s free student plan woke up this week to a familiar and frustrating experience in the AI industry: their tools quietly got worse without any warning. GitHub has removed GPT-5.4, Claude Opus, and Claude Sonnet from its free Student plan — discovered not through an announcement, but by students mid-session finding their model selections grayed out or unavailable. What Changed The GitHub free Student Copilot plan previously offered access to premium models including GPT-5.4 and Anthropic’s Claude Opus and Sonnet alongside the standard model options. Those models have now been removed. ...