TheServerSide

How to set a Git username and password in Git config

Repeated prompts to enter your Git username and password are a frustrating annoyance developers can live without. Unfortunately, if your Git installation has not been configured to use a credential ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
Bleeping Computer

GitHub investigates internal repositories breach claimed by TeamPCP

Update May 20, 04:17 EDT: GitHub has now confirmed the breach of ~3,800 internal repositories after an employee installed a malicious VS Code extension. GitHub is investigating a breach of its ...
CSOonline

Infected Red Hat npm packages expose developer credentials

Researchers have uncovered a new Shai-Hulud malware variant that now also gathers Google Cloud and Azure identities, an addition to its previous credential-snatching behavior. Developers who pulled ...
InfoQ

GitHub Copilot Desktop App Targets Parallel Agentic Workflows

GitHub has introduced the GitHub Copilot app, a desktop control centre for agent-native development that aims to keep ...
TechCrunch

CrowdStrike and Google take down botnet used by hackers to target open source software developers

CrowdStrike, working with Google and Shadowserver, a nonprofit organization that scans and monitors the internet for cyberattacks, took down a botnet that cybercriminals used to push malware and steal ...
Hosted on MSN

Hacker group hits 3,800 internal GitHub repositories via poisoned developer plugin

GitHub has officially confirmed, via an X post today, that thousands of its internal repositories were breached after an employee's device was compromised through a malicious Visual Studio Code ...
Dark Reading

GitHub Confirms Breach, 4K Internal Repos Stolen

GitHub confirmed today it was breached via an attacker that stole thousands of internal repositories. "As always this is not a ransom. We do not care about extorting GitHub, 1 buyer and we shred the ...
Digit

GitHub investigating cyberattack linked to malicious VS Code extension and leaked internal repositories

GitHub has confirmed that it is investigating a security breach incident after a threat group known as TeamPCP allegedly gained access to the company’s internal repositories and later attempted to ...
InfoQ

Argo CD 3.5 Tightens Supply Chain Security with Internal mTLS and Source Integrity

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Bleeping Computer

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...