The Hacker News

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub ...
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible ...
Microsoft

Microsoft Build 2026: Securing code, agents, and models across the development lifecycle

Today, developers and security teams are caught in growing tension. AI is accelerating development and introducing new issues around insecure code, opaque models, data exposure, and compliance. Add ...
Microsoft

Microsoft Build 2026: Be yourself at work

Platforms shift when developers build. We explore, choose tools, dream, create. This platform shift comes with more information than ever, ready at your fingertips. This shift, it’s about building ...
GitHub

Claude Code Bootcamp — Build 10 Real-World Projects with Claude Code

Where do I start? → Open exercises/part-01/README.md. Everything else on this page is reference material. Full pre-work is in student-guide.md. During the bootcamp ...
Visual Studio Magazine

VS Code 1.122 Lets BYOK Work Without GitHub Sign-In

VS Code 1.122 removes the GitHub sign-in blocker for BYOK, making enterprise and offline AI workflows practical. BYOK now supports chat, tools and MCP servers while signed out. The release also ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
GitHub

Microsoft Build of OpenJDK - Trusted Java Runtime

Download Microsoft Build of OpenJDK for a trusted, production-ready Java runtime backed by Microsoft. Get secure OpenJDK binaries, long-term updates, container-friendly builds, and clear guidance for ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
Infosecurity-magazine.com

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

GitHub has confirmed that a recent breach into its internal repositories was caused by a vulnerability in a Microsoft Visual Studio Code (VS Code) extension called ‘Nx Console.’ The security team at ...
SiliconANGLE

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...