Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...

New open-source app turns GitHub into a mobile and PC app store

GitHub is a vast labyrinth of amazing open-source software projects, and it can be hard to see some of the awesomeness within ...

GitHub Copilot will train on your data by default, here’s how to stop it

GitHub Copilot will train on your data by default soon. Here’s what changes, what data is used, and how to opt out.
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Hackers exploit OpenClaw hype on GitHub to steal crypto funds

Crypto scammers are exploiting the rising visibility of OpenClaw to target developers through a coordinated phishing campaign ...
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

GitHub to use Copilot interaction data for AI model training

GitHub Copilot already ruffled feathers when it first arrived. and now it's going to use your interactions with it to train ...
CSO Online

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Attackers exploit OpenClaw hype with fake “CLAW” airdrops, luring developers from GitHub into wallet-draining phishing sites.

CNCF Backstage Documentary Highlights Project Evolution from Development to Global Open Source Standard for Platform Engineering

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today released the documentary "Backstage: From Spreadsheet to Standard," available to ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...