A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance.
The post VS Code Vulnerability Allows One-Click GitHub Token Theft appeared first on SecurityWeek.
Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.
The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek.
The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension.
The post GitHub Confirms Hack Impacting 3,800 Internal Repositories appeared first on SecurityWeek.
The remote code execution flaw CVE-2026-3854 was found to impact GitHub.com and GitHub Enterprise Server.
The post Critical GitHub Vulnerability Exposed Millions of Repositories appeared first on SecurityWeek.
Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens.
The post Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise appeared first on SecurityWeek.
Hackers published a malicious scanner release and replaced tags to point to information-stealer malware.
The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.
Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.
The post ForceMemo: Python Repositories Compromised in GlassWorm Aftermath appeared first on SecurityWeek.
Attackers can inject malicious instructions in a GitHub Issue that are automatically processed by Copilot when launching a Codespace from that issue.
The post GitHub Issues Abused in Copilot Attack Leading to Repository Takeover appeared first on SecurityWeek.
VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request.
The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek.
Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code.
The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek.