Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

GitHub's user base has swelled under Microsoft's ownership, but the software repository has fallen behind newer rivals in the ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Microsoft is reportedly beginning to phase out the use of Anthropic’s Claude Code internally, with several engineering teams being directed to transition to GitHub Copilot CLI i ...

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...

GitHub lost 3,800 internal repos after poisoned Nx Console update exposed developer credentials and supply-chain risk.

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

On May 19 GitHub confirmed the security breach across its social media channels, verifying that there was unauthorized access to internal repositories and stating that it was monitoring the situation ...

A major cyber scare has hit GitHub, with hackers from TeamPCP claiming they accessed nearly 4,000 private repositories, ...