Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
Windows Report

GitHub Patches Severe RCE Flaw Impacting Enterprise Server Deployments

GitHub patched critical RCE flaw CVE-2026-3854 in hours, preventing potential repo takeover and enterprise server compromise.
The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
Bleeping Computer

GitHub's new policies allow removal of PoC exploits used in attacks

GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service. To give some background behind the new ...
SecurityWeek

Critical GitHub Vulnerability Exposed Millions of Repositories

Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.
Hosted on MSN

Leaked iPhone exploit kit on GitHub targets older iOS versions

An exploit kit known as Coruna has appeared on GitHub, bundling working attack code for several Apple iOS vulnerabilities that were patched in 2023 and early 2024. The kit chains together at least ...
Ars Technica

Critics fume after Github removes exploit code for Exchange vulnerabilities

Github has ignited a firestorm after the Microsoft-owned code-sharing repository removed a proof-of-concept exploit for critical vulnerabilities in Microsoft Exchange that have led to as many as ...
Bleeping Computer

Fake WinRAR proof-of-concept exploit drops VenomRAT malware

A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware. The fake PoC exploit was ...