GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

The Silent Heist: How the ‘TrapDoor’ Campaign is Hijacking Crypto and AI Developers

The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
How-To Geek on MSNOpinion

I finally understand why vibe coding is pulling people into programming

Vibe coding lowers the barrier to programming by letting you describe what you want, test quickly, and learn by fixing what ...

Hacker or Whistleblower? Teen claims he hacked CBSE marking portal!

At a time when lakhs of CBSE students are already dealing with revaluation portal crashes, blurred answer sheet complaints, deadline extensions and incorrect marks, a fresh controversy has now emerged ...
SecurityWeek

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
Decrypt

Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...
The Caledonian-Record

La Rosa Holdings Receives Notification of Deficiency from Nasdaq Related to Delayed Filing of ...

La Rosa Holdings Corp. (NASDAQ: LRHC) (“La Rosa” or the “Company”), a real estate and PropTech enterprise, today announced that it received ...