Cybernews

GitHub confirms breach after hackers put stolen source code up for sale

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...
Windows Report

GitHub Links Internal Repository Breach To TanStack Supply-Chain Attack

GitHub says the breach of roughly 3,800 internal repositories was tied to the wider TanStack npm supply-chain attack.