New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

Build 2026: Microsoft Announces GitHub Copilot App

The GitHub Copilot desktop app is like a central dashboard for managing AI agents and interacting with GitHub.
The Verge

GitHub faces a fight for its survival at Microsoft

GitHub is battling outages, security issues, and a talent exodus. GitHub is battling outages, security issues, and a talent exodus. is a senior correspondent and author of Notepad, who has been ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
Bleeping Computer

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...
PC World

Windows 11 still runs on code from the 1990s, Microsoft admits

PCWorld reports that Windows 11 still relies on code from the 1990s, particularly the Win32 API from Windows 95, for basic functions like right-clicking. Microsoft CTO Mark Russinovich acknowledges ...
9to5Mac

iOS 26.4.2 fixes bug that allowed deleted notifications to be retrieved

iOS 26.4.2 is available now as the latest iPhone update, and it includes a key security fix that ensures deleted notifications can’t be retrieved or restored later. Important security fix available ...
The New York Times

Anthropic’s Leaked Code Tests Copyright Challenges in A.I. Era

Artificial intelligence tools are making it faster than ever to reproduce creative work. Does copyright even matter anymore? By Meaghan Tobin Reporting from Taipei, Taiwan Sigrid Jin was waiting to ...
Engadget

YouTube is muting push notifications from channels you don't watch

YouTube notifications can get messy fast, particularly if you're subscribed to a lot of different channels. To address that, today the company will begin muting push notifications from creators that ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
VentureBeat

We tested Anthropic’s redesigned Claude Code desktop app and 'Routines' — here's what enterprises should know

VentureBeat made with Google Gemini 3.1 Pro Image The transition from AI as a chatbot to AI as a workforce is no longer a theoretical projection; it has become the primary design philosophy for the ...