The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

Composer 2.5 is Cursor's third-generation proprietary coding agent, available exclusively inside the Cursor IDE and through the @cursor/sdk — not as a general API. Like its predecessor, it is built on ...

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...

GitHub has contained a breach involving unauthorized access to thousands of internal repositories, allegedly linked to a ...

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, ...

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 ...

GitHub has confirmed a cyberattack after a threat actor claimed to be selling stolen company data. The breach involved ...