The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

GitHub and GitHub Enterprise Server: Code smuggling via push

In GitHub and GitHub Enterprise Server, attackers with push rights to repositories can inject malicious code. Updates fix ...
Dark Reading

Reverse Engineering With AI Unearths High-Severity GitHub Bug

Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and ...
Bleeping Computer

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.