WinBuzzer

Windows Zero-Day Published on Github as Microsoft Fails to Act

A researcher has published a Windows zero-day exploit called BlueHammer on GitHub after Microsoft's Security Response Center ...
WinBuzzer

AI Coding: GitHub Hit by Outages as AI Agents Flood Platform

GitHub has logged five incidents in two days as AI coding agents overwhelm its infrastructure, while Meta's token leaderboard ...
Visual Studio Magazine

Microsoft Ships Production-Ready Agent Framework 1.0 for .NET and Python

Microsoft has released version 1.0 of its open-source Agent Framework, positioning it as the production-ready evolution of the project introduced in October 2025 by combining Semantic Kernel ...

Anthropic says its leak-focused DMCA effort unintentionally hit legit GitHub forks

“The repo named in the notice was part of a fork network connected to our own public Claude Code repo, so the takedown ...
HealthcareInfoSecurity

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, ...
blockchain

GitHub Expands Push Protection Controls to Repository Level

GitHub now allows developers to manage secret scanning push protection exemptions directly from repository settings, bypassing organization-level configurations. GitHub has rolled out repository-level ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Wall Street Journal

OpenAI to Cut Back on Side Projects in Push to ‘Nail’ Core Business

OpenAI’s top executives are finalizing plans for a major strategy shift to refocus the company around coding and business users, recognizing that a “do everything all at once” strategy has put them on ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. Threat actors have been abusing credentials stolen in the VS Code GlassWorm campaign to hack ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Dark Reading

Flaws in Claude Code Put Developers' Machines at Risk

Three critical security vulnerabilities in Anthropic’s AI-powered coding tool, Claude Code, exposed developers to full machine takeover and credential theft simply by opening a project repository.