VS Code zero-day lets hackers steal GitHub tokens in one click
… They also marked it as not having any security impact. …
Search
GitHub confirms breach of 3,800 repos via malicious VSCode extension
… Send your offers to the communications below, we are not interested in under 50k, the best offer will get it." TeamPCP was previously linked to massive supply chain attacks targeting developer code platforms, including GitHub , PyPI , NPM , and Docker , and, more recently, to the "Mini Shai-Hulud"… …
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
… Lists of compromised packages are available in the reports from various security vendors 1 , 2 , 3 , 4 , 5 , and it is recommended to check all the resources for a complete view of the impact. …
GitHub disables Microsoft repos pushing password-stealing malware
… StepSecurity published a separate report focusing on a Shai-Hulud attack impacting Pythagora-io/gpt-pilot , a popular open-source AI developer tool with more than 33,700 GitHub stars and over 3,500 forks. …
XBOW tests Anthropic's Mythos Preview for offensive security
… One bit that slightly shocked us here was Mythos Preview’s performance on our command safety benchmark, where we ask the models to consider whether a given script is safe to execute without impacting the target site. …