Developer Tech

GitHub brings agentic workflows to GitHub Actions

GitHub has released Agentic Workflows in public preview, bringing coding agents into GitHub Actions for automated engineering ...
Memeburn

Hackers Steal 3,800 GitHub Repos Through Fake VS Code Extension

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
TechJuice

Researcher Found 50 Ways to Break Claude Code. Here Is the Worst One.

A Claude Code GitHub Action flaw let one malicious issue hijack repositories via prompt injection. Anthropic has patched it.
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...
InfoQ

GitHub Copilot Desktop App Targets Parallel Agentic Workflows

GitHub has introduced the GitHub Copilot app, a desktop control centre for agent-native development that aims to keep ...