A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.

Microsoft is discontinuing most internal Claude Code licenses by June 30, directing engineers to its own GitHub Copilot CLI.

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

Microsoft drops Claude Code for thousands of engineers in 2026, forcing a switch to GitHub Copilot CLI by June 30. Here's what's happening and why.

Microsoft has instructed its employees to stop using Claude Code and instead transition to GitHub Copilot. The company had first started giving access to Claude Code to employees in December last year ...

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that ...