The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
Morning Overview on MSN

GitHub patches critical remote code execution flaw in private repositories

GitHub has patched a high-severity remote code execution vulnerability that allowed anyone with push access to a private ...
The Hacker News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...
Tom's Hardware on MSN

Anthropic's model context protocol includes a critical remote code execution vulnerability

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.
SecurityWeek

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed ...

GitHub patches critical 'git push' remote code execution bug

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed ...
Decrypt

Google Fixes AI Coding Tool Flaw That Let Attackers Execute Malicious Code: Report

Researchers say a prompt injection bug in Google's Antigravity AI coding tool could have let attackers run commands, despite ...