The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
Hosted on MSN

Microsoft patches GitHub flaw within hours, no exploits found

Microsoft patched a high-severity GitHub vulnerability, CVE-2026-3854, within about two hours of disclosure, preventing any ...
Cybernews

One git push from disaster: this fundamental GitHub flaw could’ve compromised the world’s code

A critical remote code execution flaw in GitHub allowed users to gain access to millions of repositories and compromise ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Dark Reading

Reverse Engineering With AI Unearths High-Severity GitHub Bug

Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and ...