Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...
Morning Overview on MSN

GitHub confirms TeamPCP walked off with 3,800 internal repositories — and the gang is auctioning them on a dark-web forum at a minimum price of $50,000

A single browser tab, a single click on “Install,” and a cybercriminal group called TeamPCP was inside GitHub’s own house.
PCMag on MSN

Hackers infiltrate GitHub by compromising employee device

GitHub traced the breach to a malicious version of a Visual Studio Code extension, underscoring the threat of hackers ...

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.
CPO Magazine

Megalodon Supply Chain Attack Infects Over 5,500 GitHub Repositories with Backdoors and Stealers

A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, ...