GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a dead-man's switch that nukes your system.
XDA Developers on MSN
A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain
Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.
TL;DR: The Microsoft Visual Studio Professional 2026 bundle includes 15 coding courses and is on sale for $49.97 (regularly ...
Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.
The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results