The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

Microsoft turns its back on Claude Code, asks employees to use GitHub Copilot instead: Report

Microsoft has instructed its employees to stop using Claude Code and instead transition to GitHub Copilot. The company had ...
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
CPO Magazine

Megalodon Supply Chain Attack Infects Over 5,500 GitHub Repositories with Backdoors and Stealers

A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, ...
Tech Times

GitHub Copilot Replaces GPT-4 With Project Polaris, Ships Multi-Agent VS Code at Build

GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...
Windows Report

Microsoft Launches GitHub Copilot Desktop App for Agent-Native Development

GitHub launches a new Copilot desktop app with AI agents, code review upgrades, sandboxes, and automation tools for ...

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

GitHub investigates unauthorized access to internal repositories

GitHub confirmed an attacker was able to access its internal repositories after a code extension breach, with TeamPCP claiming credit.

GitHub investigates internal repositories breach claimed by TeamPCP

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...