A newly named attack technique spotlights a fragile trust boundary: when a browser agent treats hostile web content as instruction, credentials and source code can become the prize.
A poisoned-package wave tied to Mini Shai-Hulud, Miasma, and Hades is pushing supply-chain risk into the heart of developer workstations and CI/CD pipelines.
GlassWorm puts a sharp edge on a familiar risk: developer tools can become trusted delivery points for stealthy code, hidden text, and hard-to-block command channels.
A victim listing tied to Aurora underscores how ransomware extortion can turn source code, database passwords, and CI/CD artifacts into the real prize.
A court annulment tied to AgID’s use of an external platform shows how verifiability, traceability, and source access can become legal-security requirements, not optional extras.
An unverified leak listing points to source code, a GitHub tree, and internal network maps, raising a sharper question than simple data theft: what if attackers learned how the network is built?
A reported compromise tied to a Visual Studio Code extension shows how a single trusted tool can become a gateway into source-code assets and internal development workflows.
A supply-chain incident did not stop at the package registry; one unrotated GitHub credential appears to have kept a door open into source repositories.
A fast-moving GitHub Actions campaign highlights how CI/CD automation can turn into a high-volume path toward secrets, cloud access, and source-code risk.
A GitHub-linked repository breach tied to a poisoned Nx Console VS Code extension shows how developer tooling can become the soft underbelly of source-code security.
A Senate inquiry into a claimed repository exposure involving Nightwing shows how a single code-hosting mistake can become an oversight problem long before the technical facts are fully known.
A reported malicious VS Code extension is said to have been tied to the theft of roughly 3,800 internal repositories, underscoring how developer trust can become the fastest route into source code.
A compromised coding tool reportedly helped hackers reach thousands of GitHub repositories, underscoring how quickly a developer workflow can become a supply-chain liability.
GitHub is investigating unauthorized access to internal repositories after TeamPCP allegedly claimed it could sell source code and internal organization data, a reminder that repository trust can be as sensitive as customer data.
A claim of access to roughly 4,000 internal repositories is less a finished breach story than a stress test for code-hosting trust, secrets, and enterprise identity control.
Grafana Labs’ incident shows how a repository-plane compromise can threaten source code and internal collaboration data even when customer production systems stay out of reach.
A breach claim tied to GitHub highlights a familiar cybercrime pattern: repositories are valuable because they can reveal credentials, workflows, and internal trust paths, not merely code.
A claimed sale of private GitHub data highlights a familiar danger in modern software security: when repositories, secrets, and automation sit together, one compromise can echo far beyond source code.
A long-running spear-phishing scheme aimed at aerospace software shows how trust, identity, and export controls can collapse into the same security problem.
Grafana Labs’ decision not to pay after attackers accessed its systems and downloaded its full code base highlights how source theft can turn into a long-term security problem.