Hosted on MSN

A single 'git push' could hijack millions of GitHub repositories — and nobody knew for weeks

Sometime in early 2026, a flaw hiding inside one of the most routine actions in software development went live on the world’s largest code-hosting platform. Every time a developer ran git push to send ...
The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

GitHub says hackers stole data from thousands of internal repositories

The code hosting giant GitHub said it was investigating a breach but said there was no evidence of customer data theft.

GitHub confirms breach — thousands of internal repositories hit

TeamPCP continues its attack on open source projects, now apparently asking for $50,000.
CPO Magazine

Megalodon Supply Chain Attack Infects Over 5,500 GitHub Repositories with Backdoors and Stealers

A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, ...
Bleeping Computer

GitHub can now auto-block commits containing API keys, auth tokens

GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is ...