A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...
GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
An autonomous AI agent built on Claude Opus reportedly chained together zero-day vulnerabilities in GitHub Actions workflows, ...
Yesterday, following a DMCA complaint from HackerRank, GitHub took down a repository that hosts the official SymPy project documentation website. First released fifteen years ago, SymPy is an open ...
A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader ...