Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
Tom's Hardware on MSN

Invisible malicious code attacks 151 GitHub repos and VS Code

The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

GitHub Copilot unlocks OpenAI's GPT-5.4 in VSCode and more

GitHub Copilot has added OpenAI’s GPT-5.4 coding model, bringing improvements to reasoning and multi step development tasks.

GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub

The Human Factor Remains Critical GitGuardian, the security leader behind GitHub's most installed application, today released ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
CNBC

Microsoft introduces GitHub AI agent that can code for you

Microsoft's GitHub unit is enabling developers to summon the Copilot artificial intelligence assistant and ask it to handle specific tasks, such as fixing bugs or rewriting code. Copilot submits its ...
The Information

OpenAI Is Developing an Internal Alternative to Microsoft’s GitHub

OpenAI is developing an alternative to GitHub, Microsoft’s popular code repository that lets software engineers store, share ...
Ars Technica

Twitter source code was leaked on GitHub shortly after Musk’s layoff spree

Portions of Twitter’s source code recently appeared on GitHub, and Twitter is trying to force GitHub to identify the user or users who posted the code. GitHub disabled the repository on Friday shortly ...