The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed ...
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.
CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
Dark Reading

Reverse Engineering With AI Unearths High-Severity GitHub Bug

Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and ...
TechRadar

AI push makes Python the most popular language on GitHub

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. For the first time in GitHub history, Python has overtaken JavaScript as the most popular ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...