Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that ...
CSO Online

GitHub Actions hardens checkout security to block ‘pwn request’ attacks

After years of trying to educate developers to use pull_request_target securely, the platform finally implements stronger ...
ZAWYA

Kaspersky Container Security introduces new features to optimize DevSecOps and Detect GitHub Actions misconfigurations

The new release of Kaspersky’s security solution for containerized environments accelerates development and compliance ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...
WinBuzzer

VS Code Exploit Can Steal GitHub Tokens via github.dev

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.
Bleeping Computer

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...