GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Runner's World

The best running shoes for 2026, tested in the lab and on the road

Want more tried and tested recommendations from the RW editors? Sign up to our monthly newsletter Kit Bag. Click here to subscribe. These days, there's no shortage of choice when it comes to running ...
Morning Overview on MSN

The GitHub break-in began on one developer’s laptop and a poisoned coding add-on — then spread to the keys guarding code inside thousands of companies

Sometime in early 2026, a software developer did what millions of programmers do every week: updated a dependency. The ...

Megalodon cyberattack infects 5,500 GitHub open-source repositories with malware, researchers say

Security researchers say 5,500 GitHub repositories have been affected by the attack.

‘Fuck you, Bambu’: How one private message could change the face of 3D printing

Thousands are daring Bambu to take legal action.