Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
SiliconANGLE

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code ...

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply ...

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
The Next Web

GitHub confirms hackers stole thousands of internal code repositories after employee ...

GitHub confirmed that the cybercrime group TeamPCP exfiltrated roughly 3,800 internal code repositories after compromising an employee device through a poisoned VS Code extension. The Microsoft-owned ...
SecurityWeek

GitHub Confirms Hack Impacting 3,800 Internal Repositories

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. Microsoft-owned code-hosting platform GitHub on Wednesday morning confirmed that ...
The Hacker News

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal ...
Infosecurity-magazine.com

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 internal repositories. The breach was detected on May 19 and likely comes ...
Developer Tech

Microsoft moves engineers from Claude Code to GitHub Copilot CLI

Microsoft is preparing to end most internal use of Anthropic’s Claude Code, with engineers being directed to move their workflows to GitHub Copilot CLI instead. According to reports, Microsoft ...
The Verge

Microsoft starts canceling Claude Code licenses

Thousands of Microsoft developers will use GitHub Copilot CLI instead Thousands of Microsoft developers will use GitHub Copilot CLI instead is a senior correspondent and author of Notepad, who has ...
The Verge

GitHub rushed to fix a critical vulnerability in less than six hours

A critical remote code execution vulnerability was discovered using an AI model and patched within hours. A critical remote code execution vulnerability was discovered using an AI model and patched ...
Bleeping Computer

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...
Ars Technica

Anthropic says its leak-focused DMCA effort unintentionally hit legit GitHub forks

An Anthropic-backed DMCA effort to remove its recently leaked Claude Code client source code from GitHub this week resulted in the accidental removal of many legitimate forks of its official public ...