ZCyberNews
中文

#github

6 articles

Between 21 April and 17 May 2026, ZCyberNews published seven articles under the GitHub tag, covering six high-severity and one critical-severity incident. The Lazarus Group was the top threat actor observed. Key vulnerabilities included CVE-2026-45033, with a CVSS score of 9.8, and CVE-2026-3854, rated 8.7. Affected sectors spanned software development, technology, cryptocurrency, enterprise software, and identity-management, with impacts reported globally and in North America.

Grafana GitHub Token Breach Lets Attacker Download Full CodebaseHIGH
Industry News

Grafana GitHub Token Breach Lets Attacker Download Full Codebase

An attacker used a compromised GitHub token to download Grafana's entire private codebase. The company says no customer data was accessed and the incident involved an extortion...

3 min read
GitHub Copilot CLI Flaw CVE-2026-45033 Enables RCE via Malicious ReposCRITICAL
Vulnerabilities

GitHub Copilot CLI Flaw CVE-2026-45033 Enables RCE via Malicious Repos

CVE-2026-45033 (CVSS 9.8) in GitHub Copilot CLI before 1.0.43 lets attackers achieve remote code execution by embedding a malicious bare git repository in a project directory.

CVE-2026-45033
3 min read
SailPoint Discloses GitHub Repo Breach via Third-Party AppHIGH
Industry News

SailPoint Discloses GitHub Repo Breach via Third-Party App

SailPoint reported to the SEC that attackers accessed a subset of its GitHub repositories on April 20 via a third-party app vulnerability.

3 min read
GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git PushHIGH
Vulnerabilities

GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) lets authenticated users with push access achieve remote code execution on GitHub.com and GitHub Enterprise Server via a crafted git push command.

CVE-2026-3854
4 min read
North Korean Fake Job Scams Spread Malware via 'Contagious Interview'HIGH
Threat Intel

North Korean Fake Job Scams Spread Malware via 'Contagious Interview'

North Korean operatives use a 'contagious interview' tactic, where a compromised developer's GitHub repo spreads RATs to other job seekers.

3 min readLazarus Group
GitHub Issue Notifications Hijacked for Developer Phishing via OAuth AppsHIGH
Threat Intel

GitHub Issue Notifications Hijacked for Developer Phishing via OAuth Apps

Threat actors are using GitHub's trusted notification system to phish developers, pushing malicious OAuth apps that steal account data and hijack repositories. The campaign exploits the platform's own infrastructure to bypass traditional email security.

3 min read

Stay Updated

Get the latest cybersecurity news delivered to your inbox.