A pseudonymous researcher published a GitHub repository called 'Exploitarium' containing over 30 proof-of-concept exploits for undisclosed zero-day vulnerabilities in open-source projects including Libssh2, FFmpeg, Gitea, MyBB, PHP, and others, without coordinating with maintainers. At least 12 exploits have been assigned CVE identifiers, with CVE-2026-55200 (libssh2 pre-auth RCE, CVSS 9.2) confirmed under active exploitation. The researcher justified the public disclosure approach as educational but acknowledged it enables malicious use.
GitHub
Source-code hosting, CI, package registry.
Recent threats
Researchers discovered multiple trojanized proof-of-concept exploits on GitHub delivering ChocoPoC, a Python-based remote access trojan targeting cybersecurity researchers. The malware is embedded via malicious Python packages ('frint' and 'skytext') listed as dependencies that are automatically fetched from PyPI upon cloning the malicious repositories. When executed, the compiled native extension decrypts and runs embedded Python code to steal data and execute commands.
Mozilla's 0DIN team disclosed a proof-of-concept attack demonstrating how AI coding agents like Anthropic's Claude Code can be exploited via seemingly clean GitHub repositories. The technique uses a three-step indirection chain—a configured package that triggers an initialization command, which fetches and executes attacker-supplied code from a DNS record—to gain shell access without leaving malicious code in the repository itself. No active exploitation has been reported.
CVE-2026-50519, a medium-severity vulnerability in GitHub Copilot Chat version 1.0.0, allows unauthorized information disclosure through an insecure default resource initialization. The flaw requires user interaction and has a CVSS score of 6.5. Microsoft has published an advisory and released an official patch; no active exploits have been reported.
A malware distribution campaign has weaponized fake GitHub accounts and repositories with inflated star counts to build social proof for a Rust-based cryptocurrency clipboard hijacker targeting traders and gamblers. The actors created bogus repositories, used Ghost Networks of fake accounts across multiple platforms, and coordinated AI-narrated YouTube videos and VirusTotal vote manipulation to distribute malicious 'trading tools' and 'crypto sniper bots' that swap victim wallet addresses for attacker-controlled ones. The campaign demonstrates sophisticated reputation spoofing tactics that could be repurposed for deploying more damaging payloads.
GitBait, a long-running serverless phishing campaign, has abused GitHub Pages to host fake banking pages targeting at least 12 Mexican financial institutions over roughly three years. Researchers identified over 100 GitHub-hosted domains involved, with attackers using a modular phishing kit and SheetBest to funnel stolen credentials while relying on GitHub's trusted infrastructure to evade blocklists. GitHub has been notified of all identified domains.
Microsoft disabled dozens of GitHub repositories after discovering password-stealing malware injected into open-source projects. The compromised projects, primarily related to Azure and AI development tools, exposed user credentials. Attackers distributed the malware to steal developer passwords and sensitive information. Microsoft confirmed the incident and restored some repositories after review while others remained offline. This represents a supply-chain attack targeting widely used open-source projects.
- Hackers exploit Microsoft open-source software to steal AI devel(opens in a new tab)
- Microsoft investigates breach of open-source projects after malw(opens in a new tab)
- Microsoft Open Source Security Breach, Dozens of GitHub Repos Pu(opens in a new tab)
- Microsoft GitHub Breach: How Malicious Code Targeted Artificial (opens in a new tab)
Microsoft Threat Intelligence identified a prompt injection vulnerability in Anthropic's Claude Code GitHub Action that exposed CI/CD workflow secrets. The Read tool lacked proper sandboxing, allowing access to /proc/self/environ and potentially leaking ANTHROPIC_API_KEY and other credentials. Anthropic released version 2.1.128 on June 5, 2026, blocking access to sensitive /proc files. Organizations using Claude Code Action with untrusted GitHub content (issues, pull requests, comments) and secret access should patch immediately.
CVE-2026-48501 is a critical vulnerability in GitHub CLI (gh) versions prior to 2.93.0. Improper host normalization logic in the shared HTTP client causes the CLI to attach users' GitHub OAuth tokens to requests to external hosts including tuf-repo.github.com, sigstore.dev, and Azure Blob Storage. Attackers controlling these hosts can intercept the Authorization header and gain full account access, potentially compromising repositories, CI/CD workflows, and API actions.
A critical vulnerability in Visual Studio Code's webview implementation allows attackers to steal GitHub OAuth tokens with full repository access via a single malicious link. Researcher Ammar Askar disclosed a complete exploit chain on June 2, 2026, demonstrating token exfiltration through malicious .ipynb files and synthetic keyboard events that trigger silent extension installation. The attack affects both github.dev and desktop VS Code, with proof-of-concept code publicly released.
- 1-Click GitHub Token Vulnerability Lets Attackers Steal Users' O(opens in a new tab)
- Another bug hunter leaks Microsoft exploits in defiance of compa(opens in a new tab)
- One Click Could Hand Over Your Entire GitHub Account: New VS Cod(opens in a new tab)
- VS Code Vulnerability Allows One-Click GitHub Token Theft - Secu(opens in a new tab)
- VS Code Zero-Day Vulnerability Steals GitHub Tokens(opens in a new tab)
- Active Exploitation Alert: Critical VS Code Zero-Day Enables One(opens in a new tab)
CISA warned of two recent supply-chain compromises targeting GitHub. The Megalodon attack on May 18 involved malicious GitHub Action workflows injected into over 5,500 open-source repositories with weak branch protection, stealing cloud credentials, API tokens, SSH keys, and other secrets. A second attack involved compromise of a GitHub employee's device through a poisoned Nx Console Visual Studio Code extension (CVE-2026-48027) published May 19.
OX Security researchers discovered a malicious npm package named mouse5212-super-formatter acting as an infostealer that exfiltrates files from victim machines by routing stolen data through GitHub infrastructure. The threat actor hardcoded their own private GitHub token directly into the package, inadvertently leaking it and allowing researchers to identify and investigate the campaign. The package was reported and removed following disclosure. This incident represents an active supply-chain attack that abuses GitHub as a command-and-control or exfiltration endpoint, a growing pattern in malicious open-source package campaigns. Organizations using npm dependencies should audit their package inventories and monitor for unexpected GitHub API traffic originating from build or runtime environments.
A security researcher was banned from GitHub after publishing zero-day Windows exploit code on the platform, reportedly in retaliation for grievances against Microsoft. The researcher claims Microsoft's actions ruined their life, and at least one security expert has characterized the GitHub account ban as vindictive. The researcher has threatened further retaliatory action, specifying a date of July 14. The incident highlights the use of GitHub as a vehicle for publishing unpatched, live exploit code targeting Windows systems, and raises concerns about the potential for continued weaponized disclosures. GitHub's enforcement action removed the content, but the underlying zero-days and the researcher's stated intent to continue warrant monitoring.
- Microsoft's GitHub bans security researcher who posted zero-day (opens in a new tab)
- GitLab Suspends Windows Exploit Researcher Nightmare-Eclipse Aft(opens in a new tab)
- "I have proof for every single word": This security researcher's(opens in a new tab)
- Microsoft under fire for threatening security researcher with cr(opens in a new tab)
- Microsoft threatened a security researcher with criminal prosecu(opens in a new tab)
- This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Clu(opens in a new tab)
GitHub is investigating a breach of its internal repositories disclosed on May 20, 2026. According to GitHub's confirmation reported in the press, a malicious Visual Studio Code extension compromised an employee's device, giving the attacker access to roughly 3,800 internal GitHub repositories containing private source code. The threat group TeamPCP has publicly claimed responsibility for the intrusion, asserting access to approximately 4,000 repositories. GitHub has not indicated that customer-facing production systems or end-user data were affected. The incident underscores the supply-chain risk posed by trojanized IDE extensions on developer workstations with privileged code access.
- GitHub confirms internal repository breach via VS Code extension(opens in a new tab)
- A Malicious VS Code Extension Just Breached GitHub 's Internal R(opens in a new tab)
- GitHub Breached — Employee Device Hack Led to Exfiltration of 3,(opens in a new tab)
- GitHub investigates internal repositories breach claimed by Team(opens in a new tab)
- GitHub Confirms Hack Impacting 3,800 Internal Repositories - Sec(opens in a new tab)
- GitHub admits major source code leak after 3,800 internal reposi(opens in a new tab)
A public GitHub repository named "Private-CISA" created by an outside contractor exposed approximately 844 MB of sensitive data belonging to the U.S. Cybersecurity and Infrastructure Security Agency, including plain-text passwords stored in a CSV file, AWS GovCloud tokens, and Entra ID SAML certificates. GitGuardian discovered the repository on May 14, 2026; it had been public since November 2025, and some of the exposed credentials were still valid at the time of discovery. CISA took the repository offline within roughly 26 hours of notification and stated there is no current indication that sensitive data was compromised. The exposure is being reported as one of the most significant credential leaks observed against a U.S. federal cybersecurity agency, and underscores the risk of unmanaged contractor repositories on public GitHub. No GitHub platform vulnerability is implicated; the incident concerns sensitive data published to GitHub by a CISA contractor.
Grafana Labs disclosed on May 16, 2026 that an unauthorized party obtained a token granting access to its GitHub environment and used it to download the company's private codebase. The intrusion was traced to a recently enabled GitHub Action containing a Pwn Request vulnerability: a workflow triggered on pull_request_target events exposed production secrets to external contributors. The attacker forked a Grafana repository, injected a curl command to exfiltrate environment variables encrypted with their key, deleted the fork to hide activity, then reused the stolen tokens against four additional private repositories. The breach was detected when one of Grafana's deployed canary tokens fired. The actor attempted to extort the company in exchange for not publishing the code; Grafana refused to pay and states no customer data or systems were affected.
- Grafana GitHub Token Breach Led to Codebase Download and Extorti(opens in a new tab)
- Grafana Labs Security Breach - Hackers Access GitHub and Downloa(opens in a new tab)
- Grafana Labs Confirms Security Incident Involving GitHub Codebas(opens in a new tab)
- Grafana GitHub Breach Exposes Source Code via TanStack npm Attac(opens in a new tab)
Packagist disclosed that a flaw in Composer caused GitHub Actions tokens to leak into publicly visible CI logs after GitHub began rolling out a new token format containing a hyphen in late April 2026. Composer's token validation rejected the new-format tokens and printed the full credential value into Actions error logs, exposing GITHUB_TOKEN values in workflows that used common helpers such as shivammathur/setup-php to register tokens into Composer's global auth config. GitHub has rolled back the new token format, but already-leaked tokens remain a risk and another rollout is expected in the coming weeks. Patches are available in Composer 2.9.8, 2.2.28 LTS, and 1.10.28, which remove the rejected token from error output and relax the validation regex. Packagist urges teams to update immediately and audit recent Actions logs for exposed credentials; Packagist.org and Private Packagist were not themselves affected.
SailPoint disclosed in an SEC Form 8-K filing that an unauthorized actor accessed a subset of its GitHub repositories on April 20, 2026. The identity-security vendor said its incident response team, working with a third-party cybersecurity firm, terminated the unauthorized activity and traced the root cause to a vulnerability in a third-party application, which has since been remediated. SailPoint stated that no customer data in production or staging environments was accessed and that services were not interrupted. Affected customers were notified directly and the company says no further customer action is required. Specifics about the third-party application, the threat actor, and any data exposed from the repositories were not disclosed.
A supply-chain attack compromised 84 npm packages in the TanStack ecosystem, including React Router (12M+ weekly downloads), as part of a campaign tracked as Mini Shai-Hulud that has also affected packages from OpenSearch, Mistral AI, Guardrails AI, and UiPath. According to TanStack's postmortem and analysis by Socket, attackers chained a vulnerable pull_request_target workflow to poison the GitHub Actions cache, then extracted runtime OIDC tokens from the runner's memory and used trusted publisher bindings to push malicious updates to npm. The injected payload (router_init.js) is delivered via a malicious optionalDependency pointing to a standalone commit on GitHub, executed through an npm prepare lifecycle hook on install. Once running, it harvests GitHub Actions workflow tokens, AWS metadata credentials, Kubernetes service-account certificates, and HashiCorp Vault secrets, exfiltrating them over the Session P2P network and persisting via hidden copies in Claude Code and VS Code configuration directories. Developers and CI pipelines that installed affected TanStack versions should rotate GitHub, npm, cloud, and Vault credentials and audit workflow runs for compromise.