SecurityWeek

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.
theregister

GitHub says sorry and vows to do better as uptime slips and devs complain

Microsoft's code hosting shack Github has published a lengthy mea culpa about its availability and reliability woes - one that includes the words "we are sorry." Developers using the service have ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
CSO Online

Critical GitHub RCE bug exposed millions of repositories

The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
OfficeChai

GitHub Faces Outages As AI Coding Boom Strains Its Systems

The effects of the AI-driven coding boom are showing up in areas where one wouldn’t immediately expect. GitHub, the world’s dominant code ...

GitHub COO on AI 'Shit Code' overload that many users say has been degrading the coding platform: I am not…

GitHub's COO Kyle Daigle has gone on the record about the scale of what's hitting the platform—and the numbers are staggering ...

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub employees fixed a critical remote code execution vulnerability in less than six hours last month. Wiz Research used AI ...
Windows Report

GitHub Puts "Availability First" as It Rethinks Scaling Priorities Following Recent Outages

GitHub outlines new plan after outages, prioritizing availability, scaling capacity, and improving reliability as AI-powered ...
Bleeping Computer

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to ...