Threat Post

GitHub Code Execution Bug Fetches $18,000 Bounty

GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console. GitHub recently awarded $18,000 to a researcher after he came ...
Bleeping Computer

GitHub finds 7 code execution vulnerabilities in 'tar' and npm CLI

GitHub security team has identified several high-severity vulnerabilities in npm packages, "tar" and "@npmcli/arborist," used by npm CLI. The tar package receives 20 million weekly downloads on ...
ZDNet

GitHub awards researcher $18,000 for remote code execution flaw discovery

GitHub has awarded a researcher $18,000 for disclosing a security flaw in GitHub Enterprise which could have lead to remote code execution. According to independent German researcher Markus Fenske, ...
The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in ...

GitHub adds Claude and Codex AI coding agents

GitHub is making Claude by Anthropic and OpenAI’s Codex AI coding agents directly available inside GitHub today. A new public ...
Bleeping Computer

GitHub code scanning now finds more security vulnerabilities

Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...