GitHub hit with another major attack

A TeamPCP copycat was just spotted hitting thousands of GitHub repos with an infostealer.
CSO Online

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
Hosted on MSN

A single 'git push' could hijack millions of GitHub repositories — and nobody knew for weeks

Sometime in early 2026, a flaw hiding inside one of the most routine actions in software development went live on the world’s largest code-hosting platform. Every time a developer ran git push to send ...