GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a poisoned VSCode extension Threat actors TeamPCP are selling an archive of roughly 4,000 repos on the ...

GitHub has confirmed that a recent breach into its internal repositories was caused by a vulnerability in a Microsoft Visual Studio Code (VS Code) extension called ‘Nx Console.’ The security team at ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...

OpenAI today launched Codex for Chrome, a Chrome extension that lets Codex work directly in the browser on Macs and PCs. With the extension, Codex can use the browser to test web apps, get context ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

In File Explorer on some volumes, you may see a new folder called FOUND.000 with a file in it using the .CHK extension. In this post, we will explain what this folder is and the file it contains and ...