Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...

Hackers infiltrated Microsoft's open-source projects on GitHub, embedding password-stealing malware into the code, prompting ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. Miasma appears to be an evolution ...

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking ...

GitHub's source code is allegedly on sale online. Hackers claim that they will release it for free if they don't find a buyer ...