The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Unofficial script lets you install unreleased Windows 11 features without Microsoft Account0 0

This unofficial script enables users to install and access unreleased Windows 11 features while bypassing the requirement for ...
GitHub

punkpeye/awesome-mcp-servers

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...
GitHub

PoC auto collect from GitHub. ⚠️ Be careful Malware.

There was an error while loading. Please reload this page.