Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories ...

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.

Cursor Origin git platform launched at Compile alongside a 1.5-trillion-parameter model in training and a new iOS app, as ...

The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Microsoft has owned GitHub since 2018, but the widely used developer platform has operated with at least a little independence from the rest of the company, with its own separate CEO and other ...

According to The Verge, Claude Code became "perhaps a little too popular" inside Microsoft, with many engineers regularly favouring Anthropic's offering over Microsoft's own Copilot CLI.

At Config 2026, Figma introduced Code Layers, Figma Motion, and AI-generated shader effects — a set of changes that turn the ...

The golden age of Microsoft’s Github Copilot appears to be at an end — for the little guy, at least. The company is switching its billing system from a flat subscription rate to a token-usage system ...