The Hacker News

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
Visual Studio Magazine

The Next Generation of Developer Productivity with GitHub Copilot and Visual Studio

Simona Liao and Leah Tran, product managers at Microsoft, discuss how GitHub Copilot in Visual Studio has evolved from a code completion tool into an agent-driven development workflow -- and share ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
techtimes

Git Version Control Mastery: Branching, Merging & GitHub Workflow Tips for Teams

Git Version Control is the backbone of modern software development, helping teams manage code efficiently and avoid conflicts. Understanding version control basics allows developers to track changes, ...
Live Bitcoin News

The npm Package That Wipes Your Files When You Try to Stop It

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
Hackaday

Reify Your GitHub Commit History With Contrib Cal

Over on Instructables, [Logan Fouts] shows us the Contrib Cal GitHub desk gadget. This build will allow you to sport your recent GitHub commit activity on your wall or desk with an attractive diffuse ...