github 17

• Laravel-Lang Packages Poisoned to Exfiltrate CI Secrets May 25, 2026
• Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories May 25, 2026
• Packagist Supply Chain Attack Injects Linux Malware Into 8 Composer Packages May 23, 2026
• Megalodon GitHub Attack Injects Malicious CI/CD Workflows into 5,561 Repos May 22, 2026
• Grafana Codebase Stolen via TanStack Supply Chain Attack May 22, 2026
• GitHub Confirms 3,800 Internal Repos Breached via Malicious VS Code Extension May 20, 2026
• Grafana Labs Source Code Exposed via GitHub Breach Linked to TanStack npm Attack May 19, 2026
• GitHub Actions Supply Chain Attack Hijacks actions-cool/issues-helper Tags May 18, 2026
• Official Checkmarx Jenkins AST Plugin Backdoored with Infostealer May 11, 2026
• Google Patches CVSS 10 Gemini CLI RCE Enabling Supply-Chain Code Execution Apr 30, 2026
• Wiz Used AI Reverse Engineering to Uncover High-Severity GitHub Vulnerability Apr 29, 2026
• GitHub RCE Flaw CVE-2026-3854 Exposed Millions of Private Repositories Apr 29, 2026
• Critical GitHub RCE CVE-2026-3854 Exposed Millions of Repositories Apr 28, 2026
• Checkmarx Confirms GitHub Repository Data Published on Dark Web After March Supply Chain Attack Apr 27, 2026
• Comment and Control: Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via Code Comments Apr 16, 2026
• OpenAI Rotates macOS Code-Signing Certs After North Korea-Linked Axios Supply Chain Attack Apr 13, 2026
• Microsoft Suspends Developer Accounts for High-Profile Open Source Projects Apr 8, 2026