A single browser tab, a single click on “Install,” and a cybercriminal group called TeamPCP was inside GitHub’s own house.

Microsoft's GitHub bans security researcher who posted zero-day Windows exploits ...

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a poisoned VS Code extension.

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.

GitHub's user base has swelled under Microsoft's ownership, but the software repository has fallen behind newer rivals in the ...

On May 19 GitHub confirmed the security breach across its social media channels, verifying that there was unauthorized access to internal repositories and stating that it was monitoring the situation ...

GitHub’s engineering team developed a fix and deployed it just over an hour after identifying the root cause, protecting both ...

A TeamPCP copycat was just spotted hitting thousands of GitHub repos with an infostealer.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Malicious npm package downloaded 676 times stole Claude AI files via GitHub uploads, increasing AI-driven malware risks.