Despite this, the Microsoft-owned platform seems intent on pushing more and more GenAI features on users. Microsoft CEO Satya ...

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

Google is now requiring its software engineers to get approval before utilizing external AI coding assistants, pushing them ...

A new supply chain attack on GitHub, dubbed 'GhostAction,' has compromised 3,325 secrets, including PyPI, npm, DockerHub, ...

Calls to shun Microsoft and GitHub go back a long way in the open source community, but moved beyond simmering ...

JFrog and GitHub link a range of tools and functions to secure code, deployment and supply chain – with Copilot and in ...

Hackers are using Ethereum smart contracts to conceal malware payloads inside seemingly benign npm packages, a tactic that ...

Tencent Holdings, a leading Chinese gaming and messaging company, has hired Yao Shunyu, a top artificial intelligence (AI) ...

California Attorney General Rob Bonta and Delaware Attorney General Kathy Jennings in an open letter [PDF] cited "the ...

This breach exposed a critical weakness in the current CI/CD security model: the assumption that automated workflows are inherently benign. The GhostAction supply chain campaign underscores how ...

Within days of joining Meta, Shengjia Zhao, co-creator of OpenAI’s ChatGPT, had threatened to quit and return to his former ...

Two npm packages hide downloader commands via Ethereum smart contracts; uploaded July 2025; targeting crypto developers.