News

Thousands of GitHub repositories exposed via Microsoft Copilot
Copilot has access to private GitHub repositories, researchers found The repositories were public at some point, and Bing ...
The Register on MSN14d
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
But this mystery isn't over yet, Unit 42 opines That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - ...
Bleeping Computer1mon
GitHub Action supply chain attack exposed secrets in 218 repos
GitHub Action' tj-actions/changed-files' was compromised by attackers who added a malicious commit on March 14, 2025, to dump CI/CD secrets from the Runner Worker process to the repository.
theregister1mon
Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
McCarthy said: "We can tell the attacker gained sufficient access to update the v1 tag to the malicious code they had placed on a fork of the repository. The reviewdog GitHub Organization has a ...
GitHub announces agent mode and MCP support now rolling out to all Visual Studio Code users
The largest software code repository on the planet, GitHub, is making its Copilot AI co-developer a whole lot more agentic ...