Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension. GitHub said on Wednesday it is investigating unauthorized access ...

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking ...

A Claude Code GitHub Action flaw let one malicious issue hijack repositories via prompt injection. Anthropic has patched it.

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a poisoned VS Code extension.

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...