The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

In stunning display of stupid, secret CISA credentials found in public GitHub repo

Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a ...
SF Weekly

How a San Francisco open-source project became the data layer for global AI

San Francisco's AI economy is mostly being defined by the companies spending the most. Foundation model labs raise billions, ...

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

Security researchers say 5,500 GitHub repositories have been affected by the attack.