ASEC Blog publishes Ransom & Dark Web Issues Week 1, May 2026         Guatemalan Government Agency Data Sold on DarkForums BlackWater Ransomware Attack Targets Chinese Auto Parts Manufacturer Japanese Fintech Firm Suffers Unauthorized GitHub Access

Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.

💾

A newly uncovered cyber campaign dubbed “EtherRAT” is raising concerns across enterprise environments, as attackers combine SEO poisoning, GitHub abuse, and blockchain-based infrastructure to target high-privilege IT professionals. Instead of broadly targeting users, the attackers deliberately impersonate trusted administrative tools, increasing the likelihood that victims already have elevated system access. The attack chain begins with […]

The post EtherRAT Uses SEO Poisoning and Fake GitHub Pages to Target Enterprise Admins appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The post Git Push to Root: AI-Augmented Research Uncovers Critical GitHub RCE (CVE-2026-3854) appeared first on Daily CyberSecurity.

Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug.

Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise Managed Users, and GitHub Enterprise Server.

The flaw is caused by a command injection issue, meaning an attacker with repository push access can run arbitrary commands on affected systems. With a high severity score, the bug poses serious risks for both GitHub.com and GitHub Enterprise Server users.

“An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance.” reads the advisory. “During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values.”

The flaw was reported through GitHub’s bug bounty program and fixed in Enterprise Server versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and 3.19.3.

Wiz researchers reported the vulnerability on March 4, 2026, and GitHub addressed the issue within two hours.

When code is pushed to GitHub, internal services exchange metadata about the operation. The flaw arose because user-supplied git push options were not properly sanitized and were embedded into this metadata. Attackers could exploit delimiter handling to inject extra fields, tricking downstream services into treating malicious input as trusted data. This allowed them to alter execution environments, bypass sandbox protections, and run arbitrary commands on the server.

GitHub quickly fixed the issue by sanitizing inputs and released patches for Enterprise Server versions. The investigation found no real-world exploitation beyond researchers’ tests, and no customer data was compromised.

When code is pushed to GitHub, internal services exchange metadata about the operation. The flaw arose because user-supplied git push options were not properly sanitized and were embedded into this metadata. Attackers could exploit delimiter handling to inject extra fields, tricking downstream services into treating malicious input as trusted data. This allowed them to alter execution environments, bypass sandbox protections, and run arbitrary commands on the server.

GitHub quickly fixed the issue by sanitizing inputs and released patches for Enterprise Server versions. An investigation found no real-world exploitation beyond researchers’ tests, and no customer data was compromised.

Wiz researchers pointed out that this flaw was found in closed-source code using AI, showing a shift in vulnerability discovery. Despite its complexity, it’s easy to exploit. On GitHub, it enabled remote code execution on shared storage nodes, potentially exposing millions of repositories. On Enterprise Server, it could lead to full system compromise, including access to all repositories and sensitive internal data.

“GitHub Enterprise Server customers should upgrade immediately – at the time of this writing, our data indicates that 88% of instances are still vulnerable.” reported Wiz.

Attackers could escalate the flaw to full remote code execution by abusing injected fields. By altering the rails_env value, they bypassed sandbox protections and forced hooks to run in an unsafe mode. They then redirected the hook directory and used path traversal to execute arbitrary files. This chain allowed commands to run as the git service user, giving full control over the system, including filesystem access and internal configurations.

On GitHub, the same flaw could be exploited by injecting an enterprise-mode flag through internal metadata, enabling code execution even though custom hooks are normally disabled. Due to GitHub’s multi-tenant architecture, this access could expose data across environments, potentially allowing attackers to read millions of repositories on shared storage nodes.

The issue shows how a single git push could exploit trust between internal services. GitHub urged immediate patching and highlighted the need to secure how user-controlled data flows through internal protocols in complex systems.

“A single git push command was enough to exploit a flaw in GitHub’s internal protocol and achieve code execution on backend infrastructure.” concludes the report.”The vulnerability chain highlights a pattern that extends well beyond GitHub. When multiple services written in different languages pass data through a shared internal protocol, the assumptions each service makes about that data become a critical attack surface. In this case, one service assumed push option values were safe to embed verbatim. “

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2026-3854)

Cybersecurity researchers have revealed critical details about a newly identified RCE vulnerability, tracked as CVE-2026-3854, affecting both GitHub’s cloud infrastructure and GitHub Enterprise Server deployments. The flaw, which carries a high CVSS score of 8.7, could allow an authenticated user to execute arbitrary code on affected systems with a single crafted git push command.  The vulnerability, discovered by researchers at Wiz, exposes a command injection flaw within GitHub’s internal handling of user-supplied data. Specifically, the issue lies in how push options, key-value strings sent during a git push operation, were processed. 

What is CVE-2026-3854 RCE Vulnerability? 

According to an advisory from GitHub, “During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers.” Because the internal header format relied on a delimiter character that could also appear in user input, attackers could manipulate these values to inject additional metadata fields.  This weakness opened the door for exploitation of the RCE vulnerability, allowing attackers to gain access to a repository, including one they created themselves, to execute arbitrary commands on the server handling the request.

How the RCE Vulnerability Worked 

At the core of CVE-2026-3854 is improper input sanitization. During a typical git push, metadata such as repository type and processing environment is passed between internal services. This metadata is encoded using a delimiter, specifically a semicolon.  However, because user-controlled push options were inserted into this metadata without sufficient filtering, an attacker could craft inputs containing the delimiter. This allowed them to inject additional fields into the internal X-Stat header.  By chaining multiple malicious values, researchers demonstrated that an attacker could: 

• Override the environment in which the push operation was processed  
• Bypass sandboxing protections designed to restrict execution  
• Ultimately achieve remote code execution on the server  

This made the flaw particularly dangerous, as it required minimal effort to exploit—a single command could trigger the attack. 

Timeline: Discovery and Rapid Response 

The CVE-2026-3854 RCE vulnerability was responsibly disclosed by Wiz on March 4, 2026. GitHub’s response was notably swift.  In a detailed blog post, Alexis Wales explained:  “On March 4, 2026, we received a vulnerability report through our Bug Bounty program from researchers at Wiz describing a critical remote code execution vulnerability affecting github.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise Managed Users, and GitHub Enterprise Server.”  GitHub’s internal security team began validation immediately. Within 40 minutes, they had reproduced the issue and confirmed its severity. By 5:45 p.m. UTC, the root cause had been identified, and by 7:00 p.m. UTC—less than two hours after validation—a fix was deployed to GitHub.com. 

Affected Systems and Patch Availability 

The RCE vulnerability CVE-2026-3854 impacted a wide range of GitHub products, including: 

• GitHub.com  
• GitHub Enterprise Cloud  
• GitHub Enterprise Cloud with Data Residency  
• GitHub Enterprise Cloud with Enterprise Managed Users  
• GitHub Enterprise Server  

While cloud-hosted services were patched automatically on March 4, 2026, GitHub Enterprise Server required manual updates. Fixes were released in the following versions: 

• 3.14.25  
• 3.15.20  
• 3.16.16  
• 3.17.13  
• 3.18.8  
• 3.19.4  
• 3.20.0 or later  

Users of GitHub Enterprise Server are strongly advised to upgrade immediately to mitigate the risk associated with this RCE vulnerability. 

No Evidence of Exploitation 

Following the patch deployment, GitHub conducted a thorough forensic investigation to determine whether CVE-2026-3854 had been exploited in the wild.  A key indicator of exploitation was the triggering of an unusual internal code path—one not used during normal operations. GitHub analyzed telemetry data and found: 

• All instances of this anomalous behavior were linked exclusively to the Wiz researchers’ testing  
• No unauthorized users triggered the exploit  
• No customer data was accessed, modified, or exfiltrated  

This provided strong assurance that the RCE vulnerability had not been abused before disclosure. 

Defense-in-Depth Improvements 

Beyond fixing the input sanitization issue, GitHub identified an additional weakness. The exploit relied partly on a code path that should not have been accessible in the affected environment. Although it existed within the server’s container image, it was intended for a different configuration. GitHub removed this unnecessary code as part of its remediation efforts. This additional hardening ensures that even if a similar vulnerability emerges in the future, its impact would be significantly reduced.

Recommendations for GitHub Enterprise Server Users 

For organizations using GitHub Enterprise Server, exploitation of CVE-2026-3854 would require an authenticated user with push access. As a precaution, GitHub recommends: 

• Reviewing /var/log/github-audit.log for suspicious push operations  
• Checking for push options containing semicolons (;)  
• Upgrading to the latest patched version without delay  

Application security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, revealed that a cybercriminal group successfully leaked Checkmarx data on the dark web. This alarming development stems from an earlier security […]

The post Checkmarx Confirms Security Incident Involving GitHub Repository Exposure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.

The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1) appeared first on Unit 42.

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot.

Overview ahnLab monitored APT attacks against domestic targets during the month of March 2026. most of the attacks were launched through Spear Phishing emails sent after reconnaissance of specific targets. APT Attack Trends in Korea the majority of distribution vectors were shortcut (.lnk) files, with LNK-based attacks dominating. Type A is to run PowerShell with […]

A coordinated malware operation is abusing fake GitHub repositories to distribute a LuaJIT-based loader, SmartLoader, and a follow-on StealC infostealer, with at least 109 malicious repos active across 103 accounts. The campaign blends cloned open source code, obfuscated Lua stages, and blockchain-backed C2 resolution to evade detection and keep infrastructure agile. Instead of relying on […]

The post 109 Fake GitHub Repos Spread SmartLoader, StealC Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because compromising their accounts gives attackers direct access to source code CI/CD pipelines, and production workflows, making this a textbook supply-chain attack […]

The post GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The post The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware appeared first on Daily CyberSecurity.

Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data.

The post GitHub Abruptly Terminates All Copilot Pro Trials Amid Massive Abuse appeared first on Daily CyberSecurity.

The post The “Graphalgo” Evolution: How North Korea Built a Fake Florida LLC to Hack Developers appeared first on Daily CyberSecurity.

A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users.

It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download location, like Google docs, OneDrive, GitHub, npm, PyPI, and so on.

The problem for malware peddlers is that these can be taken down. It can sometimes take a while and a lot of trouble, but it’s possible. Omnistealer gets around this by storing its staging code inside transactions on public blockchains like TRON, Aptos, and Binance Smart Chain.

Some blockchain transactions allow small bits of arbitrary data (notes, metadata, smart contract inputs) and instead of something harmless, attackers insert:

• Encrypted text
• Encoded commands
• Pieces of malware code

And because blockchains are append‑only, those malicious snippets are effectively undeletable once they’re mined into a block. You can revoke domains and pull GitHub repos, but you can’t roll back TRON or BSC just to remove a few hundred bytes of malware staging code.

That turns public ledgers into a resilient, censorship‑resistant command and control infrastructure that defenders can’t simply take down.

Despite the obvious connection to cryptocurrency, Omnistealer is not solely about robbing crypto-investors. Once Omnistealer lands on a system, it goes after:

• More than 10 password managers, including cloud‑synced consumer tools such as LastPass.
• Major browsers like Chrome and Firefox, scraping saved logins and session data.
• Cloud storage accounts, including Google Drive credentials.
• Over 60 browser‑based crypto wallets, including popular extensions like MetaMask and Coinbase Wallet.

 It’s designed to be a one‑stop data vacuum that investigators say will “literally steal everything.“

The attack typically starts with a “simple” coding gig: a contractor gets a LinkedIn or Upwork offer, pulls a GitHub repository, and runs what looks like normal project code. Behind the scenes, that code reaches out to the blockchain, reads transaction data, and uses it as a pointer to fetch and decrypt the final payload.

Researchers estimate that roughly 300,000 credentials have already been compromised, spanning everything from adult‑industry platforms and food delivery to financial compliance firms, defense suppliers, and US government entities. 

What you can do 

You can’t delete malware from the blockchain, but you can make it much harder for campaigns like this to affect you. First, reduce what’s available to steal. Then protect your information better.

• Treat “dream job” and unsolicited contract offers as suspicious by default, especially if they move quickly to off‑platform chats (Telegram, Discord) or ask you to run code from a private repository.
• Lock down your passwords with a reputable password manager and turn on multi-factor authentication (preferring app or key over SMS) for any important or sensitive account.
• Use an up-to-date, real-time anti-malware solution to block, detect, and remove threats like Omnistealer.
• Don’t use your everyday user profile or main workstation as a test bench for random GitHub projects or side gigs. Use a virtual machine or separate system instead.
• Watch your crypto and banking accounts for unexplained logins or withdrawals, and move funds to new wallets if you suspect compromise.

---

Let’s face it, an incognito window can only do so much. 
 
Breaches, dark web trading, credit fraud. Malwarebytes Identity Theft Protection monitors for all of it, alerts you fast, and comes with identity theft insurance. 

The fallout from the Axios npm supply chain attack continues to widen, with OpenAI issuing a detailed response outlining its exposure and remediation steps. The Axios npm supply chain attack, reported by The Cyber Express on April 1, has since been linked to North Korea’s Lazarus Group, significantly expanding the scope and impact of the incident. Attribution was confirmed by Google Threat Intelligence Group, which identified the activity under UNC1069, a financially motivated group active since at least 2018.

OpenAI Confirms Limited Exposure to Axios npm Supply Chain Attack

In its official statement, OpenAI said, “We recently identified a security issue involving a third-party developer tool, Axios, that was part of a widely reported, broader industry incident⁠.” The company clarified that while it was affected by the broader Axios npm supply chain attack, there is no evidence of compromise to user data or internal systems. “We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered,” the statement added. The exposure occurred on March 31, 2026, when a GitHub Actions workflow used in OpenAI’s macOS app-signing process executed a malicious version of Axios (v1.14.1). This workflow had access to sensitive code-signing certificates used for validating OpenAI applications like ChatGPT Desktop, Codex, Codex CLI, and Atlas.

Certificate Rotation and macOS App Updates

As a direct response to the Axios npm supply chain attack, OpenAI has initiated a full rotation of its macOS code-signing certificates. While internal analysis suggests the certificate was likely not exfiltrated, the company is treating it as potentially compromised. To mitigate any residual risk, OpenAI is requiring users to update their macOS applications. Older versions of affected apps will lose support and functionality after May 8, 2026. Updated versions will carry new certificates to ensure authenticity. This move is designed to prevent threat actors from distributing malicious software disguised as legitimate OpenAI applications, a known risk in supply chain attacks involving code-signing materials.

Investigation and Security Measures

OpenAI engaged a third-party digital forensics and incident response firm to investigate the impact of the Axios npm supply chain attack. The company also coordinated with Apple to block any new notarization attempts using the old certificate. Additional steps taken include:

• Publishing new builds of all affected macOS applications
• Reviewing all past software notarizations for anomalies
• Ensuring no unauthorized modifications were made to distributed software

The company confirmed that no malicious applications signed with its certificate have been identified so far.

Root Cause: GitHub Workflow Misconfiguration

The root cause of OpenAI’s exposure to the Axios npm supply chain attack was traced to a misconfiguration in its GitHub Actions workflow. Specifically, the workflow relied on a floating tag instead of a fixed commit hash and lacked a minimum release age for dependencies, both of which increased the risk of pulling compromised packages. This highlights a broader industry issue where development pipelines remain vulnerable to upstream compromises, especially in open-source ecosystems.

No Impact on User Data or Other Platforms

OpenAI emphasized that the incident is limited strictly to macOS applications. There is no impact on iOS, Android, Windows, Linux, or web-based services. The company also reassured users:

• No user data or API keys were compromised
• No passwords need to be changed
• No malware signed as OpenAI has been detected

What Happens Next

OpenAI will fully revoke the old certificate on May 8, 2026, after a 30-day transition window. This approach is intended to minimize disruption while ensuring users have adequate time to update their applications. The company noted that any software signed with the old certificate will be blocked by macOS security protections after revocation, further reducing the risk of misuse.

Growing Impact of Axios npm Supply Chain Attack

The Axios npm supply chain attack highlight the escalating risks tied to third-party software dependencies. With attribution pointing to a state-sponsored group, the incident reflects how supply chain attacks are increasingly being leveraged for financial and strategic objectives. As organizations continue to rely heavily on open-source libraries, the incident serves as a reminder of the need for stricter dependency management, secure development practices, and continuous monitoring of software pipelines.

A recently disclosed high-severity vulnerability in GitHub Copilot Chat allowed attackers to silently siphon sensitive data from private repositories.

Tracked as CVE-2025-59145 with a near-perfect CVSS score of 9.6, the flaw enabled the theft of source code, API keys, and cloud secrets without requiring the execution of any malicious code.

Dubbed “CamoLeak,” this exploit highlights a growing threat in AI-assisted development.

A security researcher publicly disclosed the vulnerability in October 2025, shortly after GitHub patched the issue in August 2025 by disabling image rendering in Copilot Chat.

The CamoLeak Attack Chain

GitHub Copilot Chat reviews pull requests by reading descriptions, code, and repo files using the developer’s access permissions.

CamoLeak weaponized this trusted access by hiding malicious instructions inside GitHub’s invisible markdown comment syntax.

Because these comments do not render in the standard web interface, human reviewers saw nothing suspicious.

However, Copilot ingested the raw text and treated the hidden prompt as a legitimate command.

The attack unfolded in four distinct phases:

• The attacker submitted a PR containing hidden prompt injection instructions in the description.
• A developer with private repository access asked Copilot to review the PR, unknowingly feeding the hidden instructions to the AI.
• The injected prompt directed Copilot to search the codebase for sensitive data, such as AWS keys, and encode the findings in base16.
• Copilot embedded the encoded data into pre-signed image addresses, sending requests to the attacker’s server to reconstruct the stolen data character by character as the victim’s browser rendered the response.

The most sophisticated aspect of CamoLeak was its ability to bypass GitHub’s Content Security Policy (CSP).

Normally, a CSP blocks images from loading from untrusted external hosts to prevent exactly this kind of data leakage.

To evade this, attackers pre-computed a dictionary of valid, signed addresses for GitHub’s Camo image proxy.

Each address pointed to a transparent 1×1 pixel on the attacker’s server and represented a single encoded character.

Because the outbound traffic routed through GitHub’s own trusted infrastructure, it looked like normal image loading and bypassed standard network egress controls.

While CamoLeak was specific to GitHub, the underlying threat applies to any AI assistant with deep system access, such as Microsoft 365 Copilot or Google Gemini.

Whenever untrusted content can influence an AI’s instruction stream, it creates a covert data exfiltration pathway.

As traditional monitoring misses data exfiltration via trusted channels, security providers stress evolving defenses and stopping attacks at the endpoint to break the kill chain.

Solutions like BlackFog’s ADX platform focus on monitoring device outbound traffic, blocking sensitive information from leaving regardless of whether the transfer is initiated by an attacker or an exploited AI proxy.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data appeared first on Cyber Security News.

A high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code execution. Instead, hackers used a clever prompt injection technique known as “CamoLeak.” A security researcher publicly disclosed […]

The post Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.