GitHub's source code is allegedly on sale online. Hackers claim that they will release it for free if they don't find a buyer ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

A major cyber scare has hit GitHub, with hackers from TeamPCP claiming they accessed nearly 4,000 private repositories, including internal source code.

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

Developers who rely on GitHub Copilot inside Visual Studio Code now have a new option built entirely by Microsoft. The ...

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...

Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...

Code sharing platform GitHub, which has over 150 million registered developers worldwide, announced on Wednesday that an unauthorised actor had gained access to its internal systems. A threat actor ...