A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

An autonomous AI agent built on Claude Opus reportedly chained together zero-day vulnerabilities in GitHub Actions workflows, ...

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, ...

GitHub Actions is why developers can't leave GitHub despite dozens of outages — and why Microsoft stopped pretending it was independent.

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. GitHub Actions is a CI/CD solution that makes it easy to setup periodic tasks ...

Following every major outage there is discussion of GitHub alternatives, with some organizations moving to self-hosted code repositories and/or CI/CD. GitHub is sticky though, par ...