An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
GitHub secret scanning now extends beyond org-owned repositories: Public Monitoring scans all of GitHub.com in real time, ...
After publicly touting pull request limits as a way to cut maintainer noise, GitHub is taking the same idea further with a new setting that lets repository admins restrict issue creation to ...
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. The incident occurred on June 5, ...
Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
Rust Lightning heads to self-hosted git.rust-bitcoin.org as GitHub's slowdowns, bans, and LLM spam erode trust.
Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Dozens of Microsoft-owned software repositories have been taken offline following a major cyberattack linked to the rapidly spreading Miasma malware campaign. GitHub, which is owned by Microsoft, has ...
Cursor Origin git platform launched at Compile alongside a 1.5-trillion-parameter model in training and a new iOS app, as ...
Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.
Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code ...