Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.

Microsoft's May 2026 VS Code update makes BYOK usable in restricted environments while adding agent, browser and issue-reporting updates.

Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the ...

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...

CISA GitHub credential leak exposed AWS GovCloud admin keys, plaintext passwords, and an RSA private key for six months via a ...

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...

On the night of May 22, 2026, an unidentified attacker with push access to the Laravel-Lang GitHub organization rewrote every existing version tag across four widely used PHP localization packages — ...

Security researchers say 5,500 GitHub repositories have been affected by the attack.

A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated ...

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.

GitHub has said it found about 3,800 internal repositories accessed in the breach and stressed that these contained its own code rather than customer projects. The ...

Aider gets a lot of things right.