Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
Tom's Hardware on MSN

Invisible malicious code attacks 151 GitHub repos and VS Code

The technique exploits Unicode Private Use Area characters, which render as zero-width whitespace in virtually every code ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
TechCrunch

Copilot Workspace is GitHub’s take on AI-powered software engineering

Is the future of software development an AI-powered IDE? GitHub’s floating the idea. Ahead of its annual GitHub Universe conference in San Francisco early this fall, GitHub announced Copilot Workspace ...
The Verge

GitHub Copilot gets a new ChatGPT-like assistant to help developers write and fix code

GitHub is using OpenAI’s latest GPT-4 model to go way beyond auto-completing comments and code. Copilot X gets chat and voice support. GitHub is using OpenAI’s latest GPT-4 model to go way beyond auto ...