Latest news

1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories
Vulnerability

1-Click GitHub Token Theft: VSCode Webview Flaw Exposes OAuth Tokens for All Private Repositories

3 June 2026 dark6

A critical VSCode webview vulnerability lets attackers steal GitHub OAuth tokens with a single click, granting full access to all...
Read more 0
GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen
Databreach

GitHub Confirms Internal Repository Breach via Malicious VS Code Extension — TeamPCP Claims 3,800 Repos Stolen

20 May 2026 dark6

GitHub has confirmed unauthorized access to its internal repositories after a malicious Visual Studio Code extension compromised an employee device....
Read more 0
Grafana Labs Security Breach: Hackers Steal GitHub Token, Download Private Codebase, and Demand Ransom
Databreach

Grafana Labs Security Breach: Hackers Steal GitHub Token, Download Private Codebase, and Demand Ransom

18 May 2026 dark6

A threat actor infiltrated Grafana Labs GitHub environment using a stolen privileged token to download the company private codebase. The...
Read more 0
Critical GitHub RCE Vulnerability CVE-2026-3854 Exposed Millions of Repositories to Cross-Tenant Access
Vulnerability

Critical GitHub RCE Vulnerability CVE-2026-3854 Exposed Millions of Repositories to Cross-Tenant Access

29 April 2026 dark6

Wiz researchers used AI-augmented reverse engineering to uncover CVE-2026-3854, a critical RCE flaw in GitHub's internal git infrastructure that could...
Read more 0
Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware
Malware

Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware

28 April 2026 dark6

Threat actors are using fake GitHub repositories impersonating the leaked Anthropic Claude Code source to deliver a Rust dropper that...
Read more 0
Sophos exposes massive GitHub campaign distributing backdoored malware
Malware

Sophos exposes massive GitHub campaign distributing backdoored malware

4 June 2025 securebulletin.com

A sophisticated malware campaign targeting hackers, gamers, and cybersecurity researchers has been uncovered on GitHub, leveraging fake exploits, game cheats,...
Read more 0
3.1 million fake “stars” on GitHub projects
Malware

3.1 million fake “stars” on GitHub projects

31 December 2024 securebulletin.com

A recent study has unveiled a troubling trend on GitHub, revealing that over 3.1 million fake “stars” have been used...
Read more 0