GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days ...
GitHub

[MLIR] VSCode plugin has outdated minimatch dependency causing security alerts

Automated security scanning tools are reporting that this version of minimatch was vulnerable to CVE-2026-27903 and CVE-2026-27904. (In my case, MSVC uses llvm-project as a submodule for ASan and ...
GitHub

VS Code GitHub Projects

Rather than having a separate Kanban board for collaborating on projects separately from GithHub Projects, we created an extension which allows users to fetch repository, organization, and project ...