Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub repositories.

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...

Cursor Origin git platform launched at Compile alongside a 1.5-trillion-parameter model in training and a new iOS app, as ...

GitHub has introduced the GitHub Copilot app, a desktop control centre for agent-native development that aims to keep ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.

Three levels of indirection, all with seemingly innocuous steps, will catch a bot off-guard.

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...

After years of trying to educate developers to use pull_request_target securely, the platform finally implements stronger ...

Rust Lightning heads to self-hosted git.rust-bitcoin.org as GitHub's slowdowns, bans, and LLM spam erode trust.

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...