GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

CISA Contractor Exposed Sensitive Credentials in Public GitHub Repository

CISA is investigating after a contractor’s public GitHub repository exposed AWS GovCloud credentials, internal files, and ...

GitHub says a data breach impacted 3,800 internal repositories.

The company traced the incident to a “poisoned” VS Code extension on an employee’s device. While the hacking group TeamPCP has claimed responsibility for the breach, GitHub says it has since removed ...

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.
CSO Online

GitHub scales back bug bounties, reminds users security is their responsibility too

The cloud code repository asks security researchers to cut out the AI-generated noise and focus on reporting security ...
Tech Times

Nous Research’s Hermes Agent Dethrones OpenClaw as the World’s Most-Used Open-Source AI Agent

Nous Research’s Hermes Agent overtook OpenClaw on May 10 to claim the top position on OpenRouter’s global daily inference ...
CSOonline

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting GitHub.com and Enterprise Server. A critical remote code execution (RCE) ...
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server. Researchers at cloud security giant Wiz discovered a critical remote code execution ...
Bleeping Computer

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...
InfoQ

GitHub Will Use Copilot Interaction Data from Free, Pro, and Pro+ Users to Train AI Models

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...