The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

Composer 2.5 is Cursor's third-generation proprietary coding agent, available exclusively inside the Cursor IDE and through the @cursor/sdk — not as a general API. Like its predecessor, it is built on ...

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

A GitHub employee has unwittingly allowed 3,800 internal repositories to be breached after a device compromise with a ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 ...

GitHub is investigating an alleged breach after TeamPCP claimed access to nearly 4,000 private repositories, though no impact ...

GitHub has confirmed a cyberattack after a threat actor claimed to be selling stolen company data. The breach involved ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...