GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

CodeQL 2.25.5がリリース、GitHub Actions対応と精度向上を実現

GitHubは5月28日(現地時間)、コードスキャン機能の中核である静的解析エンジンCodeQLの最新バージョン2.25.5を公開した。今回のアップデートでは、C/C++、Java/Kotlin、GitHub ...

GitHub、AIエージェントネイティブなデスクトップ体験を提供する ...

複数のAIエージェントによる開発業務を可視化・一元管理し、開発者による品質管理と意思決定を支援 2026年6月2日(米国時間) - 米国カリフォルニア州サンフランシスコ - ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
Windows Report

Microsoft Launches GitHub Copilot Desktop App for Agent-Native Development

GitHub launches a new Copilot desktop app with AI agents, code review upgrades, sandboxes, and automation tools for ...