GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Cloud Security Alliance

MITRE ATT&CK for Cloud: A Practitioner's Guide to Detection Coverage

Explore MITRE ATT&CK for Cloud, the key cloud tactics and techniques, and how cloud detection and response (CDR) fits into ...
XDA Developers on MSN

A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.
Morning Overview on MSN

GitHub just confirmed hackers broke into its own code through a poisoned coding tool — slipping in on a developer’s laptop without anyone noticing for days

Sometime in early 2025, an attacker slipped malicious code into a Visual Studio Code extension, and a GitHub employee ...
winbuzzer.com

GitHub Says VS Code Breach Exposed 3,800 Repositories

GitHub faces an internal repository breach this week after a poisoned VS Code extension on an employee device exposed roughly 3,800 internal repositories. Customer data stored outside those ...