Security researchers say 5,500 GitHub repositories have been affected by the attack.

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

OpenAI confirms a severe 2026 supply chain attack compromised internal repositories. Discover how this TanStack security ...

SAP embedded n8n inside Joule Studio to connect its 200 AI agents to non-SAP systems. The Berlin-based workflow automation startup is now Germany's most valuable AI company.

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed arbitrary remote code execution, following a report from Wiz researchers.

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. The flaw was reported on ...

Last week, we reported that GitHub may move to token-based billing in June due to the unsustainable fixed-cost subscription model. The usage of GitHub Copilot has grown exponentially over the past few ...

Sometime in early 2025, an attacker slipped malicious code into a Visual Studio Code extension, and a GitHub employee ...