GitHub.dev One-Click Attack: Stealing OAuth Tokens via VS Code
New research reveals a one-click exploit in GitHub.dev and VS Code that allows attackers to steal full GitHub OAuth tokens and access private repositories.

GitHub Internal Repo Breach Claimed by TeamPCP – Code at Risk
GitHub investigates TeamPCP's claim of breaching internal repositories, potentially exposing 4,000 private codebases. Defenders must secure supply chains.

Grafana GitHub Token Leak: Codebase Access and Extortion Attempt
Grafana discloses a security incident where an unauthorized party used a GitHub token to download source code, leading to a failed extortion attempt.

GitHub Malware Campaign: Fake VS Code Alerts Target Developers
Attackers exploit GitHub Discussions to push malware via fake VS Code security alerts. Learn the TTPs used to target developers and how to mitigate risk.

GitHub Copilot Autofix: AI-Driven Vulnerability Remediation in GHAS
GitHub integrates AI-powered scanning into Advanced Security to detect and remediate vulnerabilities across more languages using Copilot Autofix.

Malicious GitHub OpenClaw Deployer Repos Deliver Trojans
Analysts uncover an AI-assisted campaign using over 300 poisoned GitHub repositories like OpenClaw Deployer to distribute infostealers to developers.