Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...

Hackers infiltrated Microsoft's open-source projects on GitHub, embedding password-stealing malware into the code, prompting ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

From June 1, the code repository platform GitHub moved its Copilot AI-coding assistant from a flat subscription-based model ...

Microsoft has instructed its employees to stop using Claude Code and instead transition to GitHub Copilot. The company had ...

Drowning in AI-generated code isn't progress — it's an operational bottleneck that burns out your best senior engineers on ...