Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.

Apple's Game Porting Toolkit has been supercharged with AI agents, which might make it significantly easier to bring a game ...

GitHub Copilot pricing shifted to token-based billing today for 4.7 million paid subscribers, replacing flat-rate requests ...

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...

CEO Elon Musk has made yet another sweeping prediction about the future of work, this time aimed squarely at software ...

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...

A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, ...

VS Code agents are now in Stable preview, and the 1.122 update removed the GitHub OAuth requirement from BYOK, letting defense, healthcare, and finance developers run fully air-gapped AI-assisted ...