CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
The Hacker News

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...
The Hacker News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...

Visual Studio 2026 gets cloud agent integration

Thanks to cloud agents, remote coding sessions can now be started from within the IDE, and the C++ code editing tools are ...

CheckMarx admits it was hit by major cyberattack that saw data leaked onto Dark Web

CheckMarx confirms March 2026 attack did result in data theft.

GitHub patches critical 'git push' remote code execution bug

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Eradani DevOps Fills the Gap AI Coding Tools Leave Behind on IBM i

While AI assistants generate the code, most IBM i shops have no pipeline to get it to production safely AI tools are ...

Warp Open-Sources Its Agentic Development Environment, Introducing a New Model for Building Software with Cloud Agents

Sponsored by OpenAI, Warp launches an open-source ADE where users can submit ideas and watch agents build and ship them ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.