A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin ...

Dozens of Microsoft-owned software repositories have been taken offline following a major cyberattack linked to the rapidly ...

A single browser tab, a single click on “Install,” and a cybercriminal group called TeamPCP was inside GitHub’s own house.

A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, ...

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.