The Hacker News

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.
Memeburn

Hackers Steal 3,800 GitHub Repos Through Fake VS Code Extension

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.
Cyber Defense Magazine

GitHub Service Abuse in Ongoing Vishing Campaigns

Introduction GitHub is the largest platform for software development and version control, enabling millions of developers to collaborate and share code.

GitHub Actions outage told devs 'your account is suspended'

Following every major outage there is discussion of GitHub alternatives, with some organizations moving to self-hosted code repositories and/or CI/CD. GitHub is sticky though, par ...

Microsoft CEO sends shocking message to employees

Microsoft CEO Satya Nadella revealed earlier this year that the company now writes up to 30% of its code using generative AI.