GitHub discloses breach of 3,800 internal code repositories.

This report summarizes multiple security incidents: GitHub confirmed a supply-chain compromise via a Trojanized VS Code extension that reportedly affected ~3,800 internal repositories (TeamPCP claimed responsibility and is selling the data); a CISA contractor accidentally exposed AWS GovCloud credentials on a public GitHub repo; researchers published a macOS kernel privilege-escalation exploit for Apple M5 hardware (developed with AI assistance) with details withheld while Apple patches; and coordinated international law-enforcement actions disrupted cybercrime infrastructure (Operation Ramz, takedown of First VPN, and disruption of Fox Tempest).