Multiple coordinated attacks are targeting code repositories across GitHub and other platforms, with hackers exploiting AI tools, poisoned repositories, and CI/CD vulnerabilities to compromise developer machines and steal internal data at scale.
·Researchers demonstrate Claude Code exploitation using deceptively harmless repositories to hijack developer systems
·Megalodon malware has infected 5,500 open-source GitHub repositories in widespread supply-chain attack
·Cordyceps vulnerability in CI/CD pipelines exposes 300+ repositories to compromise through automated deployment systems
·GitHub Enterprise Server signing key rotation underway following breach affecting thousands of internal repositories
·Malicious VS Code extension installation led to data theft from thousands of GitHub repositories
drawn from SecurityWeek, Crypto Briefing, Mashable, The Hacker News · updated 3d ago