Longtime Slashdot reader Himmy32 writes: GitHub has announced on X that their internal repositories have been breached through a compromised VS Code Extension on an employee's workstation

GitHub has confirmed a breach involving roughly 3,800 internal repositories after an employee device was compromised through a malicious VS Code extension

Initial assessment says customer data spared while users wonder what else may have slipped out

SSH keys, plaintext passwords, other sensitive data had been up since November 2025.

An anonymous reader quotes a report from KrebsOnSecurity: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems

I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?

I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?

"So we've been running Azure Linux for many years internally, and we got through to 3.0, and we only allowed it on as a container host on AKS. What we've done is make it a general-purpose, so this is all the learnings that we've had in the heritage of Mariner." Under the hood, Azure Linux 4.0 is based on Fedora Linux and is delivered as an open distribution on GitHub

The leak was so bad, researchers initially thought it was a joke

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings

Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions

A new Windows 11 bug called MiniPlasma was disclosed on GitHub, together with a PoC

CoinbaseCartel somehow obtained an access token and used it to steal files from the GitHub environment

In today’s news about DIY console building and modding, an enthusiast recently posted the fruit of their labour on GitHub: a custom PlayStation 2 (PS2) gaming handheld, built from the ground up

No customer info stolen, no impact to operations, and no blackmail payment

What happened next is one of the most remarkable stories in the history of the electric vehicle industry. Instead of accepting that their cars would become rolling paperweights, Fisker Ocean owners organized, reverse-engineered their vehicles' proprietary software, hacked into CAN bus networks, built open-source tools on GitHub, and effectively stood up a volunteer-run open-sourced car company from the ashes of Fisker..

"Every link leads to an entry that does not exist yet," explains the GitHub page for a Wikipedia-like site called Halupedia

An influx of agents is pushing GitHub to the brink

Claude Code has proven a hit among Microsoft's engineers, but the company now wants them to switch to GitHub Copilot CLI

Louis Rossmann posted yet another YouTube video taunting the 3D printing juggernaut into taking legal action. In the video, he stated the contentious fork of OrcaSlicer-BambuLab was now hosted on his own FULU (Freedom from Unethical Limitations) Foundation GitHub

Where its been well and truly forked, seemingly without Microsofts code locker noticing

Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link related npm compromises affecting TanStack and Mistral SDKs to the broader Mini Shai-Hulud supply-chain campaign

But Tuesday independent developer Pawel Jarczak shuttered the project "following legal threats from Bambu Lab," reports Tom's Hardware: Jarczak's fork of OrcaSlicer would have allowed users to bypass Bambu Connect, a middleware application that severely limits OrcaSlicer's access to remote printer functions in the name of security. Jarczak said in a note on GitHub that Bambu Lab threatened him with a cease and desist letter and accused him of reverse engineering its software in order to impersonate Bambu Studio

Open-source PS3 emulator RPCS3 "has been around since 2011," Kotaku notes, and has made 70% of the PlayStation 3's library fully playable, "bolstered in part by the many users who contribute to its GitHub page." But their dev team "took to X today to very kindly and civilly request that users 'stop submitting AI slop code pull requests' to its GitHub page." Then they immediately proceeded to tell the AI-brain-rotted tech bros attempting to justify their vibe-coding nonsense to kick rocks in the replies, which is somewhat less civil but far more entertaining to read..

A GitHub project shares details of the prototype for 'a fully working computer that is literally the size of a credit card,' dubbed the Muxcard

New submitter spazmonkey writes: From a hidden GPS tracker polling your location every 4.5 minutes to JavaScript loaded from a random GitHub account, no SSL certificate pinning, and an in-app browser that silently strips cookie consent dialogs and paywalls from every page you visit, the new White House app seems to have a little bit of everything

Healthcare giant's maintainers handed May deadline to enact the change The UK's National Health Service (NHS) is ordering all of its technology leaders to temporarily wall off the organization's open source projects over concerns relating to advanced AI and Anthropic's Mythos

If you can't bother to keep GitHub running, why should we bother with you? Opinion It's been another shabby week for Microsoft, and a shabbier one for its users

Windows is a mess, GitHub keeps wobbling, Copilot draws flak - whats wrong at Redmond? kettle When it comes to making decisions that piss off your user base, no one knows how to do it like Microsoft.

Video showcases the Nintendo Kawaii project, in which modders have shrunken a boxy GameCube down to a keychain

The Netherlands has launched a self-hosted Git platform to gain control over code infrastructure, reduce reliance on external providers, and support collaboration

This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows If you use Gemini CLI, watch out: Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running it in headless mode, or through GitHub Actions, to review their workflows.

Team wins praise for adding 'disable all AI features' setting for devs who want a code editor to be only a code editor The Rust-built Zed editor has reached version 1.0, released yesterday, with development led by former members of the Atom team at GitHub.

An anonymous reader quotes a report from Ars Technica: The system prompt for OpenAI's Codex CLI contains a perplexing and repeated warning for the most recent GPT model to "never talk about goblins, gremlins, raccoons, trolls, ogres, pigeons, or other animals or creatures unless it is absolutely and unambiguously relevant to the user's query." The explicit operational warning was made public last week as part of the latest open source code for Codex CLI that OpenAI posted on GitHub

Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award Wiz researchers are set for a tidy payday thanks to their discovery of a high-severity flaw in GitHub's git infrastructure that handed remote attackers full read/write access to private GitHub repositories using a single command.

Hashicorp co-founder Mitchell Hashimoto says GitHub's frequent outages have made it "no longer a place for serious work," prompting him to move his Ghostty terminal emulator project elsewhere after 18 years on the platform

After Hashicorp co-founder blasts the source shack and numbers slide Microsoft's code hosting shack Github has published a lengthy mea culpa about its availability and reliability woes - one that includes the words "we are sorry."

Bemoans frequent outages that mean hell move Ghostty elsewhere Hashicorp co-founder Mitchell Hashimoto has decided GitHub is so unstable it is no longer a place for serious work, and will therefore move his current project elsewhere.

GitHub says it can no longer absorb "escalating inference cost" from it heaviest AI users.

The all-you-can-eat AI buffet is coming to an end Microsoft is closing the AI buffet offered to GitHub Copilot customers, acknowledging that it cant sell AI like Red Lobster's Endless Shrimp.

Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one of its GitHub repositories after the Lapsus$ extortion crew claimed to have dumped the companys source code, secrets, and other sensitive data.

GitHub said in a blog post today that it is moving Copilot to usage-based billing starting June 1

It also excludes code repository providers and containerized software distribution from being defined as covered application stores. This is meant to prevent platforms like GitHub, GitLab, Docker, or Podman-based distributions from being treated like commercial app stores under the bill

This breach was the next in a chain of supply-chain attacks that have affected Checkmarx KICS and Aqua Security's Trivy scanners. The breach was quickly detected and reported by JFrog on the GitHub repository; JFrog also provided a technical write-up

The latest round of GitHub closures underscores a broader pullback in Intel's open-source footprint amid ongoing restructuring

Opt-out instructions included if you're not keen on GitHub watching you in the name of product improvement Users of GitHub's command-line interface (CLI) who value privacy, beware

These included using access the person had as a worker at a third-party contractor for Anthropic and trying commonly used internet sleuthing tools often employed by cybersecurity researchers, the person said. The users are part of a private Discord channel that focuses on hunting for information about unreleased models, including by using bots to scour for details that Anthropic and others have posted on unsecured websites such as GitHub