The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...

The Red Sun vulnerability repository. Contribute to Nightmare-Eclipse/RedSun development by creating an account on GitHub.

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

The multi-stage campaign targeting South Korea uses weaponized Windows shortcuts and GitHub-based command-and-control to evade detection. DPRK-linked threat actors are preferring stealth over ...

GitHub is hardening Actions with deterministic dependencies, scoped secrets, and policy controls. Teams still need immediate ...

CheckMarx confirms March 2026 attack did result in data theft.

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed ...

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...

Users of GitHub's command-line interface (CLI) who value privacy, beware. The Microsoft-owned code-hosting platform has quietly begun collecting pseudonymous client-side telemetry from CLI users and ...