A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

GitHub internal repositories breached via malicious VS Code extension; TeamPCP demands $50K for 3,800 stolen repos May 2026.

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

An archive of roughly 4,000 repositories is reportedly being offered for sale on the dark web, by threat actors known as ...

“It is important to keep in mind that courts have found that the mere intent to keep the document confidential is insufficient.” Recently, I met with a potential client to discuss key points that ...

Google is reportedly offering to pay select Android developers for source-code access. Here’s what Play Store developers ...

Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at ...

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency ...