Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
Security researchers say 5,500 GitHub repositories have been affected by the attack.
The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.
Sometime in early 2025, an attacker slipped malicious code into a Visual Studio Code extension, and a GitHub employee ...
A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
A researcher has disclosed the details of a prompt injection attack method named ‘Comment and Control’, which has been found to work against several popular AI code security and automation tools. The ...
A threat actor appears to have used AI-assisted automation to make hundreds of exploit attempts against open source software repositories on GitHub. Fewer than 10% of the more than 450 exploitation ...
Every enterprise running AI coding agents has just lost a layer of defense. On March 31, Anthropic accidentally shipped a 59.8 MB source map file inside version 2.1. ...