Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

An autonomous AI agent built on Claude Opus reportedly chained together zero-day vulnerabilities in GitHub Actions workflows, ...

GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, ...

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor ...

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...

A class action lawsuit claims Disney is scanning the faces of park visitors at Disneyland and California Adventure without proper disclosure or consent, including children. The complaint seeks at ...

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS ...