The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. Wiz Research used AI ...

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed ...

GitHub and GitHub Enterprise Server: Code smuggling via push

In GitHub and GitHub Enterprise Server, attackers with push rights to repositories can inject malicious code. Updates fix ...

GitHub Copilot’s price shakeup could signal the end of cheap AI coding

It was fun while it lasted, but it’s starting to look like the end for flat-rate AI plans as we know them, with GitHub being ...
InfoQ

GitHub Targets Large Merge Problem with Stacked PRs

GitHub has launched a native stacked pull request workflow through a new CLI extension called gh-stack, closing a gap that ...

Anthropic took down thousands of GitHub repos trying to yank its leaked source code — a move the company says was an accident

Anthropic executives said it was an accident and retracted the bulk of the takedown notices.
Hosted on MSN

Microsoft open-sources original 86-DOS 1.00 code on GitHub

Microsoft has released the source code for 86-DOS 1.00, the 45-year-old operating system that became the foundation for MS-DOS and PC-DOS, on GitHub under the permissive MIT license. The release ...