The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

What the OpenClaw vulnerability reveals about the future of agentic AI security

OpenClaw exposes how autonomous AI agents are reshaping enterprise security risks..
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
thearabianpost

Red Hat npm breach exposes cloud secrets

Attackers have compromised Red Hat’s official @redhat-cloud-services namespace on npm, inserting credential-stealing malware into dozens of package releases used in cloud console development and ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
Appuals

Fix: Bluetooth Disappeared from Device Manager

Bluetooth can disappear from Device Manager on Windows even when the problem started as a missing toggle in Settings. In some ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
GitHub

acs-javascript-calling-library-release-notes.md

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...