SecurityWeek

New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Security Boulevard

Extending Our Mission With Developer Endpoint Protection

Developer laptops are the most unmonitored credential store in your stack. GitGuardian's new Endpoint Protection finds every credential on every machine before infostealers do.
The Manila Times

Developer laptops are the credential store attackers are picking through in 2026, GitGuardian announces Endpoint Protection

Widely adopted by developer communities, GitGuardian is the #1 security application on GitHub Marketplace and is used by over 500 thousand developers and leading companies, including Snowflake, Orange ...
Hosted on MSN

Hackers just walked off with 3,800 of GitHub’s internal code repositories — smuggled out by a single poisoned plugin a GitHub developer trusted

Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin in Microsoft’s marketplace. It wasn’t. That single installation gave ...
CSOonline

Developer workstations are the new beachhead

Attackers are realizing that instead of hacking a hardened server, they can just trick one developer into installing a malicious plugin to steal all the keys to the kingdom. I spent the first week of ...