Bleeping Computer

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...
The Next Web

GitLab 19.0 bets that the real bottleneck in software delivery is everything after writing the code

GitLab 19.0 extends agentic AI across the full software lifecycle with its Duo Agent Platform, adds SBOM-based dependency scanning, and supports Claude Opus 4.7 and Gemini models. The release targets ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

Hackers breach GitHub and access 3,800 internal repositories now listed for sale

GitHub has said it found about 3,800 internal repositories accessed in the breach and stressed that these contained its own code rather than customer projects. The ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...
Bleeping Computer

GitHub investigates internal repositories breach claimed by TeamPCP

Update May 20, 04:17 EDT: GitHub has now confirmed the breach of ~3,800 internal repositories after an employee installed a malicious VS Code extension. GitHub is investigating a breach of its ...
TechRadar

GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension

GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a poisoned VSCode extension Threat actors TeamPCP are selling an archive of roughly 4,000 repos on the ...
Infosecurity Magazine

Grafana Labs Says Code Breach Stemmed from TanStack Attack

A popular developer of open source analytics software has revealed that a recent data breach and extortion incident was caused by the Mini Shai-Hulud campaign which compromised TanStack packages.
Visual Studio Magazine

Visual Studio May Update Adds Plan Agent, Diff Review Tools

Microsoft highlighted Copilot planning, context visibility, diff review updates and MSVC Build Tools v14.51 in its May Visual Studio update.

$5 billion-plus company GitLab cuts hundreds of jobs, exits 22 countries; CEO blames it on AI; says agentic era is creating

GitLab is laying off 14% of its workforce and exiting 22 countries as part of a restructuring to focus on the "agentic era" ...

OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack

OpenAI says Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after an npm supply-chain attack exposed signing certificates.