A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Dark Reading

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects — thus ...
Hosted on MSN

Trellix just admitted hackers broke into its own source-code repository — exposing the cybersecurity firm’s internal tools to outsiders

A cybersecurity company trusted to guard some of the largest networks in the country has confirmed that hackers penetrated its own source-code repository. Trellix, whose endpoint detection and ...
Morning Overview on MSNOpinion

Hackers just walked off with 3,800 of GitHub’s internal code repositories — smuggled out by a single poisoned plugin a GitHub developer trusted

Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin ...
Guru3D.com

Malicious VS Code Extension Linked to Theft of 3,800 GitHub Repositories

A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security risks surrounding modern development environments. According to published ...
CSOonline

Google to launch repository service with security-tested versions of open-source software packages

The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies. Developers across the enterprise space are concerned ...
WinBuzzer

VS Code Exploit Can Steal GitHub Tokens via github.dev

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.