A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming their tool was built by Claude.On May 20, 2026, GitHub confirmed Opens a new ...

Security researchers say 5,500 GitHub repositories have been affected by the attack.

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious ...

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

I started this as a side project, but my Windows Command Center suddenly became useful.

OpenAI says Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after an npm supply-chain attack exposed signing ...

OpenAI has added its Codex coding agent to the ChatGPT mobile app on iOS and Android, letting users manage coding tasks ...

Weekly ThreatsDay Bulletin: supply chain attacks, fake support lures, AI tampering, data leaks, ransomware, and exploited ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools.

GitHub has announced that it will be shifting to a usage-based billing model for its GitHub Copilot AI service starting on June 1. The move is pitched as a way to “better align pricing with actual ...