A new report in Security Week warns about a cyberattack that infected 5,561 GitHub open-source repositories with malware.

Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Microsoft has warned internally that GitHub faces an existential risk as competing AI coding tools from Cursor, Anthropic's ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

Open source robotics AI platform LeRobot surpassed 58,000 community datasets in 2026 — 50x growth in under a year — making it the largest dataset category on Hugging Face and signaling a ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

The Mini Shai-Hulud worm compromised 323 npm packages through the hijacked “atool” account on May 19, publishing 639 malicious versions. Affected packages include echarts-for-react (1.1M weekly ...