Bleeping Computer

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Hosted on MSN

Hackers just walked off with 3,800 of GitHub’s internal code repositories — smuggled out by a single poisoned plugin a GitHub developer trusted

Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin in Microsoft’s marketplace. It wasn’t. That single installation gave ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.
CoinTelegraph

GitHub investigates unauthorized access to internal repositories

GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension. GitHub said on Wednesday it is investigating unauthorized access ...