GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...
Tech Times

llama.cpp GGUF Parser Flaws: Critical Integer Overflow Enables Arbitrary Reads in Every Local AI Stack

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file trigger arbitrary memory reads — affecting Ollama, LM Studio, and every local ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
XDA Developers on MSN

A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
Visual Studio Magazine

Visual Studio May Update Adds Plan Agent, Diff Review Tools

Microsoft highlighted Copilot planning, context visibility, diff review updates and MSVC Build Tools v14.51 in its May Visual Studio update.

Microsoft’s GitHub was positioned to win the AI coding race. Outages got in the way

GitHub's user base has swelled under Microsoft's ownership, but the software repository has fallen behind newer rivals in the ...
Spiceworks on MSN

Did AI write the worm that breached GitHub’s own house?

A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...