<ciso brief />

All news with #github advanced security tag

2 articles

GitHub Confirms Breach After Malicious VS Code Extension

🔒 GitHub confirmed that a third party accessed roughly 3,800 internal repositories after a likely “poisoned” Visual Studio Code extension was found on an employee device on May 19. The intrusion was claimed by the TeamPCP group, which posted on the Breached forum and linked the access to private source code. GitHub says it has contained the incident, removed the malicious extension, isolated the endpoint and prioritized rotation of critical secrets. The company will publish a more detailed report when its investigation is complete.

GitHub adds AI bug detection to broaden security coverage

🛡️ GitHub is integrating AI-based scanning into Code Security to extend vulnerability detection beyond CodeQL, targeting ecosystems like Shell/Bash, Dockerfiles, Terraform, PHP and more. The hybrid model preserves CodeQL for deep semantic analysis while using AI to increase coverage in areas hard for traditional static analysis. Findings and suggested fixes appear directly in pull requests, and a public preview is expected in early Q2 2026.