GitHub developers targeted by fake VS Code alerts spreading malware

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

GitHub Store 1.7.0: Updates without click, security without root

Automatic updates, silent install, app-repo linking and signature verification: GitHub Store becomes a power-user tool with version 1.7.0.

New open-source app turns GitHub into a mobile and PC app store

GitHub is a vast labyrinth of amazing open-source software projects, and it can be hard to see some of the awesomeness within ...
Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...

ReVanced Removed from GitHub After DMCA Complaint, Here’s What Happens Next

The ReVanced project has been taken down from GitHub following a DMCA complaint. The request did not come from Google, but from a third party. As required under copyright law, GitHub removed the ...
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

GhostClaw turns GitHub habits into a macOS malware pipeline

GhostClaw, a macOS infostealer, is spreading through GitHub repositories and developer tools, and it works because routine ...