Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

OpenSSF CTO Christopher Robinson, aka CROB, predicts major AI attack in 2026. Learn how AI threats overwhelm maintainers and what defenses are being built.

Gitea vulnerability CVE-2026-27771 let anyone pull private container images from 30,000-plus self-hosted deployments with no ...

On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...

In just six hours, the campaign quietly pushed malware to more than 5,500 GitHub repositories, stealing credentials, ...

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.

GitHub has said it found about 3,800 internal repositories accessed in the breach and stressed that these contained its own code rather than customer projects. The ...

Researchers at SafeDep traced 5,718 malicious commits to 5,561 GitHub repositories, all pushed in a six-hour window on a ...

On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development ...

Learn how the Understand-Anything Claude Code plugin transforms complex repositories into interactive knowledge graphs to ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...