GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
Ars Technica

Auth error trying to copy a repo with Github Actions

So, thanks to a helpful Github employee on StackOverflow, I learned that GHA has a couple of helpful "features" that were tripping me up: - The 'checkout@v2' action by default only does a minimal ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...