GitHub Investigates Major Hack Claim as TeamPCP Offers 4,000 Private Code Repositories for Sale

GitHub is investigating an alleged breach after TeamPCP claimed access to nearly 4,000 private repositories, though no impact ...
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
The Next Web

GitLab 19.0 bets that the real bottleneck in software delivery is everything after writing the code

GitLab 19.0 extends agentic AI across the full development lifecycle with SBOM dependency scanning, Claude Opus 4.7 support, and credit-based agent pricing.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
Design News

CU Boulder Researchers Launch OpenVCAD, a Tool for Multi-Material 3D Printing

The future of 3D printing includes multi-material design, and it just got a major upgrade. Researchers at the University of ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
Le Lézard

OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing Community

OpenSSF Community Day North America ? The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably securing open source software, today ...
Morning Overview on MSN

The AI-generated zero-day discovered by Google used clean 'textbook' Python code — a hallmark of large language model output

The exploit code was almost too neat. When Google’s Threat Intelligence Group flagged a previously unknown software ...
Visual Studio Magazine

The Rise of OpenTelemetry in Microsoft Dev Tooling

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.
CoinJournal

TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.