A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Security researchers found malicious code buried inside more than 30 of Red Hat's official software packages, built to ...

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...