GitHub lost 3,800 internal repos after poisoned Nx Console update exposed developer credentials and supply-chain risk.

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

TeamPCP exfiltrated 3,800 internal GitHub repositories after poisoning a VS Code extension. No customer data was affected, the company says.

GitHub has confirmed a breach involving roughly 3,800 internal repositories after an employee device was compromised through ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

Set up local AI coding workflows using Codex and Ollama to build, edit, and review software without cloud subscriptions.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Preview of new companion app allows developers to run multiple agent sessions in parallel across multiple repos and iterate on human and agent reviews. Visual Studio Code 1.115, the latest release of ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...