Github

Gotenberg's `IsPublicIP` function incorrectly classifies IPv6 6to4, NAT64, and deprecated site-local addresses as public IPs, enabling an unauthenticated attacker to reach internal destinations such as cloud metadata services.

Gotenberg is vulnerable to path traversal (CVE-2026-44829) due to improper sanitization of filenames in zip archives, allowing attackers to write files outside the intended extraction directory by using Windows-style path separators (backslashes) in uploaded filenames, affecting versions up to 8.32.0.

GitHub internal repositories were compromised after an attacker injected malicious code into the Nx Console Visual Studio Code extension (v18.95.0), leading to the exfiltration of approximately 3,800 internal repositories.

GitHub CLI versions 2.92.0 and earlier incorrectly include authorization headers in API requests to TUF repository mirrors and external hosts when using the `gh attestation`, `gh release verify`, and `gh release verify-asset` commands, potentially exposing sensitive tokens.

The compliance-trestle application is vulnerable to arbitrary file write via path traversal; the `-o/--output` argument in `trestle author jinja` allows writing files outside the intended workspace due to improper validation of path traversal characters, leading to potential CI/CD compromise or local code execution by overwriting sensitive files such as `.github/workflows/*.yml` or `.git/hooks/*`.

OpenBao versions up to 2.5.3 allow cross-namespace lease revocation by exploiting legacy sys/revoke endpoints, potentially leading to unauthorized credential access and denial of service.

The 'Megalodon' supply chain attack compromised over 5,500 GitHub repositories by injecting malicious GitHub Actions workflows designed to steal credentials, CI secrets, keys, and tokens.

A missing admin authorization check in the Arcane application on the `PUT /api/environments/{id}/templates/variables` endpoint allows any authenticated non-admin user to overwrite global environment variables, leading to supply-chain RCE, credential theft, and cross-tenant impact by overriding critical configuration values.

Nezha Monitoring is vulnerable to a server-side request forgery (SSRF) vulnerability, where a low-privilege RoleMember user can call notification routes and send HTTP requests to a user-controlled URL, with the entire response body reflected back to the caller, potentially exposing intranet resources and causing denial of service.

@hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted; upgrade to version 1.3.2 or later to resolve this vulnerability.

@hulumi/policies versions before 1.3.2 improperly inspect inline and attached IAM policies, potentially allowing admin-equivalent policy paths to bypass the administrator-policy guardrail, resulting in a CIS 1.16 admin policy bypass.

A GitHub employee's device was compromised via a malicious VS Code extension, leading to the theft of approximately 3,800 internal repositories by threat actor TeamPCP (UNC6780), who then offered the data for sale.

The Webworm APT group is using updated tactics, techniques, and procedures, including new backdoors using Discord and Microsoft Graph API for command and control, custom proxy tools, and GitHub for malware staging, shifting focus to European governmental organizations.

Between May 11th and May 12th of 2026, a threat actor compromised an npm publish token to publish 18 malicious versions of the '@beproduct/nestjs-auth' package (versions 0.1.2 through 0.1.19) containing payloads from the Mini Shai-Hulud npm supply-chain worm campaign that exfiltrated npm tokens, GitHub PATs/OAuth tokens, AWS credentials, and Vault tokens, impacting developer environments.

FileBrowser Quantum is susceptible to CVE-2026-46410, an unauthenticated information disclosure vulnerability, potentially exposing sensitive information such as source code and file paths.

Coder is vulnerable to a PKCS#7 signature bypass in Azure instance identity (CVE-2026-46354), allowing unauthenticated agent token theft via a forged vmId, enabling access to Git SSH private keys, OAuth access tokens, and workspace secrets.

Kopia's HTTP server, when started without `--without-password`, accepts unauthenticated requests which can lead to arbitrary command execution as the Kopia process user via `-oProxyCommand` in `sshArguments` for SFTP backends with `externalSSH: true`. An attacker-supplied storage configuration is forwarded to `blob.NewStorage`, and the `sshArguments` are split on spaces and passed directly to `exec.CommandContext("ssh")`, resulting in command injection.

Composer leaks GitHub OAuth tokens in GitHub Actions logs if they do not match the expected format due to a validation regex, leading to potential unauthorized access.

TeamPCP is conducting a multi-ecosystem supply chain attack targeting the open-source ecosystem, specifically NPM packages, GitHub Actions, and VSCode extensions, to harvest credentials, exfiltrate sensitive data, and establish persistent access on infected systems via a Python-based backdoor.

A prototype pollution vulnerability exists in the @tmlmobilidade/utils package before version 20260509.0340.15, specifically affecting the setValueAtPath() function, potentially leading to denial of service or arbitrary code execution.

Arcane Backend versions 1.18.1 and earlier are vulnerable to an unauthenticated reflected XSS (CVE-2026-45627) via the SVG color parameter, allowing attackers to inject executable script content and compromise admin accounts by enticing them to visit a malicious link.

Arcane's REST API lacks proper admin authorization checks on Git repository management endpoints, allowing any authenticated user to exfiltrate stored Git credentials and tamper with GitOps configurations by redirecting credential requests to an attacker-controlled host.

Hackers injected credential-stealing malware into newly published versions of the node-ipc npm package in a supply chain attack, collecting cloud credentials, SSH keys, CI/CD secrets, and other sensitive data, exfiltrating it through DNS TXT queries.

This brief summarizes a Maltrail IOC feed update on 2026-05-15, containing indicators associated with APT_Kimsuky, CyberstrikeAI, Android_Joker, Sectoprat, EK_Landupdate808, and MagentoCore campaigns involving suspicious domains and IP addresses.

Kimsuky, a North Korean APT group, is actively targeting organizations, primarily in South Korea, with evolving tactics and tools, leveraging spear-phishing emails and messenger contacts to deploy malware such as PebbleDash and AppleSeed for establishing backdoors and stealing information.

SiYuan's Bazaar marketplace is vulnerable to stored cross-site scripting (XSS) via unescaped package metadata, leading to arbitrary OS command execution in the desktop Electron client.

The rule detects when a private GitHub repository's visibility is changed to public, potentially indicating exfiltration of sensitive code or data and unauthorized access.

CVE-2026-41109 describes an improper neutralization of special elements in output used by a downstream component ('injection') vulnerability in GitHub Copilot and Visual Studio, allowing an unauthorized attacker to bypass a security feature over a network.

Dalfox server mode is vulnerable to an unauthenticated arbitrary file read with out-of-band exfiltration via the `custom-payload-file` parameter, allowing attackers to read sensitive files on the host.

The Shai-Hulud malware was used in a large-scale software supply-chain attack compromising hundreds of packages across open-source software ecosystems by compromising developer secrets and CI/CD pipelines.

On April 22, 2026, Checkmarx and Bitwarden suffered supply chain attacks where malicious versions of their developer tools were distributed through official channels, attempting to harvest sensitive information such as GitHub and npm tokens and exfiltrating data to audit.checkmarx[.]cx.

GitHub Copilot CLI versions prior to 1.0.43 are vulnerable to arbitrary code execution via a malicious bare git repository nested within a project directory, exploiting git's automatic bare repository discovery and the `core.fsmonitor` configuration setting.

go-git may parse malformed Git objects differently than upstream Git, leading to inconsistent interpretation and potentially allowing the signing or verification of commits with altered metadata, as described in CVE-2026-45022.

GuardDog versions 1.0.0 through 2.9.0 are vulnerable to Server-Side Request Forgery (SSRF) and potential `GH_TOKEN` exfiltration due to a blind URL rewrite in remote project scanning; an attacker can influence the scanned repository URL to trigger SSRF and capture the `GH_TOKEN` used by GuardDog.

Open WebUI version v0.3.10 has a CORS misconfiguration and session validation issue that can lead to remote code execution due to a one-click attack against admin users.

The rule detects the execution of the VScode portable binary with the tunnel command line option, potentially indicating an attempt to establish a remote tunnel session to Github or a remote VScode instance for unauthorized access and command and control.

This brief focuses on detecting deletion actions within GitHub audit logs, specifically targeting the deletion of codespaces, environments, projects, and repositories, potentially indicating malicious activity or insider threats.

Attackers can modify SSH certificate configurations in GitHub organizations to gain unauthorized access, persist in the environment, escalate privileges, and operate stealthily.

An administrator or privileged user disables critical security features within a GitHub organization or repository, potentially leading to increased risk of unauthorized access, data breaches, and persistent compromise.

Detection of the disabling of GitHub secret scanning at the business or repository level, potentially increasing the risk of exposed credentials and secrets.

An administrator has disabled the GitHub push protection feature, potentially allowing secrets and other sensitive information to be pushed to repositories.

Detection of a GitHub user bypassing push protection, potentially leading to the exposure of secrets.

This analytic detects the creation of new GitHub Actions secrets at the organization, environment, codespaces, or repository level, potentially indicating malicious persistence or privilege escalation.

Detection of GitHub repository archiving or unarchiving events, which could indicate malicious activity such as persistence, impact, or defense impairment.

Detection of a user pausing audit log event streaming in GitHub Enterprise, potentially indicating an attempt to evade detection by disabling the audit trail.

This rule detects command-line activity indicative of credential access across multiple cloud platforms (GCP, Azure, AWS, GitHub, DigitalOcean, Oracle, Kubernetes), looking for specific commands used to print or access tokens and credentials, flagging hosts where multiple cloud targets are accessed within a five-minute window, suggesting potential credential harvesting activity.

Detection of changes to self-hosted runner configurations in GitHub environments can indicate potential impact, discovery, collection, persistence, privilege escalation, initial access, or stealth activities.

Detection of GitHub Organizations branch ruleset deletions, which could indicate attempts to bypass code review requirements and introduce unauthorized code changes.

The disabling of two-factor authentication (2FA) in GitHub Organizations is detected through audit log monitoring, potentially indicating an attacker's attempt to weaken account security and facilitate unauthorized access.

A self-hosted runner was created in GitHub Enterprise, which could be exploited by attackers to execute malicious code, access sensitive data, or pivot to other systems.

An IP allow list was disabled in GitHub Enterprise, potentially allowing unauthorized access from untrusted networks and exposing sensitive code repositories.

An attacker disables audit log event streaming in GitHub Enterprise to evade detection by preventing security monitoring platforms from receiving audit events.

An attacker modifies or disables audit log event streaming in GitHub Enterprise to evade detection by preventing security monitoring platforms from receiving audit events.

The disabling of two-factor authentication (2FA) in GitHub Enterprise, detected via audit logs, weakens account security and increases the risk of account takeover and supply chain compromise.

A user disables Dependabot security features within a GitHub repository, potentially enabling attackers to exploit unpatched vulnerabilities in dependencies.

This analytic detects when classic branch protection rules are disabled in GitHub Organizations, potentially allowing malicious actors to bypass code review and security controls.

Detection of disabled classic branch protection rules in GitHub Enterprise, indicating potential bypass of code review and security controls, leading to unauthorized code changes and supply chain compromise.