GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking ...

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

A Claude Code GitHub Action flaw let one malicious issue hijack repositories via prompt injection. Anthropic has patched it.

GitHub has released Agentic Workflows in public preview, bringing coding agents into GitHub Actions for automated engineering ...

Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...

Microsoft is discontinuing most internal Claude Code licenses by June 30, directing engineers to its own GitHub Copilot CLI. This move follows Claude Code's unexpected popularity, which reportedly ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...