RANDOM CHAOS

github

3 posts

Article

The extension on your dock just shipped malware

A compromised VSCode extension reached GitHub. Breakdown of the trust boundary that failed and what developer endpoints actually expose.

Article

The dashboard pushed every critical CVE to GitHub

Technical analysis of a unified vulnerability dashboard pushed to a public GitHub repo, the scanner token blast radius, and what defenders actually see.

Article

CVE-2026-3854 puts GitHub inside your trust boundary

CVE-2026-3854 enables RCE on GitHub.com and Enterprise Server. Why platform compromise becomes customer compromise across identity, secrets, and artefacts.