WinBuzzer

VS Code Exploit Can Steal GitHub Tokens via github.dev

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.
Bleeping Computer

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...
Bleeping Computer

GitHub's new policies allow removal of PoC exploits used in attacks

GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service. To give some background behind the new ...
CoinDesk

Hackers Are Using Fake GitHub Code to Steal Your Bitcoin: Kaspersky

A Kaspersky report from Monday warned users of a “GitVenom” campaign that’s been active for at least two years but is steadily on the rise. The attack starts with seemingly legitimate GitHub projects ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...