Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...

Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
Visual Studio Magazine

Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem

Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.
Tech Times

AI Coding Agent Skills Library Gives Any Tool 51 Senior Engineer Personas

AI coding agent skills library claude-skills ships 345 free, MIT-licensed packages for Claude Code, Codex, Cursor, Gemini CLI ...
Meduza

Russia’s internet crackdown is cutting developers off from GitHub and Python. The government’s proposed fix? A VPN controlled by the government.

Russia’s federal media regulator, Roskomnadzor, plans to create a unified “state VPN” for Russian software developers who have lost access to foreign repositories because of internet restrictions, The ...
GitHub

IMMM-SFA/tethys_integration_metarepo

Meta-repository for the code, inputs, and validation that produce the IM3 Experiment Group C multi-sector water-demand dataset for the contiguous United States (CONUS) at 1/8° resolution, monthly, ...
Geeky Gadgets

New Open-Source Plugin Turns Complex Repositories Into Interactive Maps

Better Stack examines how the open source plugin Understand-Anything simplifies navigating complex codebases by turning repositories into interactive, queryable knowledge graphs. Combining static code ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
TechCrunch

GitHub says hackers stole data from thousands of internal repositories

GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories. The code hosting and sharing giant said ...
Bleeping Computer

GitHub investigates internal repositories breach claimed by TeamPCP

Update May 20, 04:17 EDT: GitHub has now confirmed the breach of ~3,800 internal repositories after an employee installed a malicious VS Code extension. GitHub is investigating a breach of its ...
SecurityWeek

GitHub Confirms Hack Impacting 3,800 Internal Repositories

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. Microsoft-owned code-hosting platform GitHub on Wednesday morning confirmed that ...
CoinTelegraph

GitHub investigates unauthorized access to internal repositories

GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension. GitHub said on Wednesday it is investigating unauthorized access ...