Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

OpenAI extends Codex with productivity tools for nontechnical users

Codex’s new plugin collection is rounded out by two extensions for salespeople and data science teams. Both can automate data ...

Build 2026: Microsoft Brings More On-Device AI to Edge

Tied to the earlier Windows 11 developer news, Microsoft is also bringing more local AI capabilities to its Edge web browser ...
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
SecurityWeek

GlassWorm Botnet Disrupted

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Popular Brickell restaurant to close after decade

A longtime Brickell late-night restaurant plans to close after a decade in business following a recent Formula 1 ...
Yardbarker

Packers long-term outlook at key position creates even more urgency for quick contract extension resolution

Tight ends Tucker Kraft, Luke Musgrave, Josh Whyle, Messiah Swinson, and Drake Dabney are all entering a contract year in Green Bay. Look at a yearly table with positional groupings on the Green Bay ...
Dark Reading

GitHub Confirms Breach, 4K Internal Repos Stolen

GitHub confirmed today it was breached via an attacker that stole thousands of internal repositories. "As always this is not a ransom. We do not care about extorting GitHub, 1 buyer and we shred the ...