GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
CSO Online

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
Dark Reading

Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos

In just six hours, the campaign quietly pushed malware to more than 5,500 GitHub repositories, stealing credentials, ...
Redmondmag.com

PowerShell Meets Practical AI: Aleksandar Nikolić on Smarter Scripting Workflows

Ahead of his TechMentor session at Microsoft HQ, PowerShell expert Aleksandar Nikolić explains how AI tools like GitHub Copilot can help admins write, refactor, test and document scripts faster -- ...

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

Security researchers say 5,500 GitHub repositories have been affected by the attack.
WinBuzzer

Microsoft’s Webwright Framework Uses Playwright to For Efficient CLI Web Agent Steering

Microsoft Research has released Webwright as a terminal-native web agent framework that turns browser tasks into rerunnable Playwright code and logs for teams.