Hosted on MSN

GitHub’s critical flaw let anyone with push access execute code on servers holding millions of private repos

A single git push command. That is all it would have taken for someone with write access to a repository on GitHub Enterprise Server to execute arbitrary code on the underlying host machine, according ...
Hosted on MSN

A single 'git push' could hijack millions of GitHub repositories — and nobody knew for weeks

Sometime in early 2026, a flaw hiding inside one of the most routine actions in software development went live on the world’s largest code-hosting platform. Every time a developer ran git push to send ...
The Hacker News

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.
Martin Cid Magazine

Megalodon turned GitHub Actions into a 5,561-repo backdoor in six hours

Researchers at SafeDep traced 5,718 malicious commits to 5,561 GitHub repositories, all pushed in a six-hour window on a ...