CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
Opinion

GitHub opts all CLI users into telemetry collection whether they want it or not

Users of GitHub's command-line interface (CLI) who value privacy, beware. The Microsoft-owned code-hosting platform has quietly begun collecting pseudonymous client-side telemetry from CLI users and ...
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.
Hosted on MSN

Critical RCE flaws patched in GitHub and Cursor IDE

Two major remote code execution vulnerabilities have been disclosed and patched in GitHub and the Cursor IDE. GitHub’s CVE-2026-3854 allowed authenticated users to execute arbitrary commands via a ...
TheServerSide

How to use the git clone command with GitHub by example

All remote repositories, such as GitHub, GitLab or even a custom one that an organization hosts on the local network, have a URL associated with the repository. This tutorial uses GitHub, and you can ...

GitHub and GitHub Enterprise Server: Code smuggling via push

In GitHub and GitHub Enterprise Server, attackers with push rights to repositories can inject malicious code. Updates fix ...