In just six hours, the campaign quietly pushed malware to more than 5,500 GitHub repositories, stealing credentials, ...
The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.
GitHub is the largest platform for software development and version control, enabling millions of developers to collaborate and share code.
GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
AI now lets SuperGrok and X Premium subscribers use Grok Build inside OpenCode with no extra API key. Here's how to set it up, what you get.
Microsoft's May 2026 VS Code update makes BYOK usable in restricted environments while adding agent, browser and issue-reporting updates.
A malicious npm package has been caught leaking its own hardcoded GitHub token, a blunder that let researchers watch the operator's data theft unfold from the inside. The package, named ...
Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.
Google Gemini CLI loses free-user API access on June 18, replaced by the closed-source Antigravity CLI. Developers who contributed 6,000 merged pull requests are calling it a bait-and-switch — ...
A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...
TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.