2-Click Cursor Exploit Enables Dev Environment Takeover
Simple age-old bugs give bad actors access to developers' secrets and source code-rich environments.
Source code reveals how software works, helping security teams identify vulnerabilities, exposed secrets, and unsafe logic before attackers can exploit them.
Search across headline titles and summaries.
Background for this topic.
Source code is the human-readable text programmers write in a language such as Python, Java, or C before it is compiled or interpreted into a running program. It defines the program’s logic, data handling, and interactions with operating systems, networks, and other services. Source code may include application code, scripts, and configuration that controls software behavior.
In security, exposed or improperly protected repositories can disclose credentials, private keys, internal endpoints, or details that help attackers find exploitable flaws. Vulnerabilities may also enter through unsafe coding patterns, outdated dependencies, or malicious changes to code and build pipelines. Defenses include least-privilege repository access, secret scanning, peer review, static analysis, dependency and software-composition checks, and integrity controls for releases. Preserving commit history and build provenance helps investigators determine what changed and whether delivered software matches reviewed source.
Weekly headline count for the current query.
Simple age-old bugs give bad actors access to developers' secrets and source code-rich environments.
Malware Harvested Cloud Credentials, Source Code and Deployment TokensAttackers used a compromised npm publishing credential to release five malicious versions of Jscrambler's Code Integrity package, deploying a Rust-based infostealer that harvested developer, cloud and AI tool credentials while evolving its delivery methods to evade detection.
Researchers Urge Organizations to Rotate Credentials and Review Audit LogsThreat actor 888 claims it stole Accenture source code and cloud credentials, prompting researchers to warn that any exposed Azure tokens, encryption keys or DevOps secrets could enable follow-on intrusions and downstream supply-chain attacks even as Accenture says operations remain unaffected.
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead
Accenture confirmed a breach after a hacker claimed to steal 35 GB of source code, keys, and Azure credentials now offered for sale. A threat actor using the handle “888” claimed on the cybercrime forum PwnForums this week to have stolen 35 gigabytes of data from Accenture in July and offered it for sale. “Today […]
IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company. [...]
Modula-based source code resurfaces after nearly four decades
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...]
CIFSwitch is a 19-year-old Linux logic bug turning forged CIFS auth keys into root. Affects Mint, CentOS, Rocky, Kali, SLES. CIFSwitch stands apart from typical privilege escalation vulnerabilities because of how it was discovered. Asim Manizada, a security engineer at SpaceX, didn’t find it by auditing source code the old-fashioned way. He built an AI-powered […]
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised
Open source tool maker Grafana says hackers stole codebase via GitHub breach
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. [...]
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. [...]
Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, giving attackers a leg up.
Security vendor Trellix has suffered a breach involving unauthorized access
Company Says No Evidence So Far That Version Release or Distribution AffectedTrellix disclosed over the weekend that hackers found their way to its source code repository. The company said that investigation so far turned up "no evidence that our source code release or distribution process was affected, or that our source code has been exploited."