Microsoft’s open source tools were hacked to steal passwords of AI developers

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the ...
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...
The Hacker News

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...