Bleeping Computer

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...
Infosecurity Magazine

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 ...
Bleeping Computer

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading ...
Hosted on MSN

GitHub’s critical flaw let anyone with push access execute code on servers holding millions of private repos

A single git push command. That is all it would have taken for someone with write access to a repository on GitHub Enterprise Server to execute arbitrary code on the underlying host machine, according ...
CSOonline

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting GitHub.com and Enterprise Server. A critical remote code execution (RCE) ...
heise online

GitHub and GitHub Enterprise Server: Code smuggling via push

A vulnerability with an embedded earworm “Push it” by Salt-N-Pepa: Attackers with push authorization on one or more repositories can inject malicious code from the network into a GitHub Enterprise ...