GitHub has disclosed a critical remote code execution flaw, CVE-2026-3854, exploitable via a single git push, and a popular PyPI package tied to GitHub Actions was hacked to deliver malware. Both ...
The now‑patched flaw allowed authenticated users to execute arbitrary code via crafted git push requests, affecting ...
2d on MSN
Top open source PyPI package with over 1 million downloads each month hacked to send out malware
This was not a case of stolen credentials, but rather of vulnerability exploitation.
An attacker pushed a malicious version of the popular elementary-data package to the Python Package Index (PyPI) to steal sensitive ...
The open source software development service has made it easier for developers using its public repositories to keep coding secrets and tokens close to the chest.
The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...
The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
GitHub has announced that its enterprise-focused secret scanning tool for private repositories is now generally available. The Microsoft-owned code-hosting platform first debuted secret scanning for ...