CSO Online

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
SecurityWeek

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

The Megalodon supply chain attack poisoned over 5,500 GitHub repositories via automated commits injecting GitHub Actions workflows.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Bleeping Computer

GitHub restores popular Python repo hit by bogus DMCA takedown

Yesterday, following a DMCA complaint from HackerRank, GitHub took down a repository that hosts the official SymPy project documentation website. First released fifteen years ago, SymPy is an open ...
XDA Developers on MSN

A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...
MUO on MSNOpinion

GitHub Actions lock-in is why developers won't switch to Gitea or Forgejo despite record outages

GitHub Actions is why developers can't leave GitHub despite dozens of outages — and why Microsoft stopped pretending it was ...