The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...

"Hugging Face tokens are notorious for allowing access to private AI models," said Berkovich. "The leaked Hugging Face token belonging to an AI 50 company could have exposed access to ~1,000 private ...

Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...

A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft's official VS Code marketplace.

GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices ...

A lot of non-coders and people unfamiliar with the app development scene often confuse Git and GitHub, but only the latter is ...

Further instances of the malware, which steals credentials and cryptocurrency, have appeared on Open VSX and aim to establish ...

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted ...

Amplitude, Inc., a leading digital analytics platform, is collaborating with GitHub to launch an agent-to-agent integration for enterprise product and engineering teams-enabling Amplitude to act as an ...

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace ...

The timing of the Octoverse 2025 report release during the conference proved strategic, as it provided attendees with ...