The Hacker News

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The ...
TechSpot

Hackers breach GitHub and access 3,800 internal repositories now listed for sale

What we know so far: Hackers have reportedly used a malicious Visual Studio Code extension to gain access to a GitHub developer's machine, then leveraged the stolen credentials to move into GitHub's ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
The Next Web

GitHub confirms hackers stole thousands of internal code repositories after employee installed a poisoned VS Code extension

GitHub confirmed that the cybercrime group TeamPCP exfiltrated roughly 3,800 internal code repositories after compromising an employee device through a poisoned VS Code extension. The Microsoft-owned ...
Bloomberg L.P.

Security Firm Thwarting Nation-State Hackers Valued at $1 Billion

Socket, a cybersecurity startup that sells technology to help safeguard open-source code against hackers, has raised a new round of funding that values the company at $1 billion. Josh Kushner’s Thrive ...
Techweez

GitHub Breach Exposes 3,800 Internal Repositories After Malicious VS Code Extension Attack

A GitHub employee installed a malicious VS Code extension, and that single mistake gave hackers access to roughly 3,800 of the company’s internal code repositories. GitHub confirmed the data breach ...
SecurityWeek

GitHub Confirms Hack Impacting 3,800 Internal Repositories

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. Microsoft-owned code-hosting platform GitHub on Wednesday morning confirmed that ...
Infosecurity-magazine.com

Grafana Labs Confirms Hackers Stole Source Code

A popular open source developer has revealed that hackers stole its codebase and tried to blackmail the firm into paying a ransom. Grafana Labs produces AI-powered analytics and visualization app ...
The Next Web

Grafana Labs refuses ransom after hackers steal already-open-source code

The hackers exfiltrated a codebase that was already open source, then demanded payment to keep it from being released. Grafana said no, and cited the FBI’s standing advice. It is the second ...
TechCrunch

Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom

Grafana Labs, the maker of its eponymous popular open source web visualization software, confirmed it had been hacked but that it refused to pay the hackers who had threatened to release the company’s ...
Bleeping Computer

Grafana says stolen GitHub token let hackers steal codebase

Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. A relatively new extortion gang known as CoinbaseCartel has ...
CNN

Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible

US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources ...