GO-2026-4988 DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header in github.com/l3montree-dev/devguard

DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...

GO-2026-4953 goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs

goshs is Missing Write Protection for Parametric Data Values in github.com/patrickhener/goshs...

GO-2026-5009 Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia

Kopia: RCE via SSH ProxyCommand Injection in github.com/kopia/kopia...

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

In this article 1. Attack chain overview 1. Technical analysis 2. How GitHub took action to prevent further harm 2. Mitigation and protection guidance 1. Microsoft Defender XDR Detections 2. Microsoft Defender XDR Threat analytics 3. Advanced hunting 4. Indicators of Compromise IOC 3. References ...

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

In this article 1. Attack chain overview 1. Technical analysis 2. How GitHub took action to prevent further harm 2. Mitigation and protection guidance 1. Microsoft Defender XDR Detections 2. Microsoft Defender XDR Threat analytics 3. Advanced hunting 4. Indicators of Compromise IOC 3. References ...

GHSA-XX55-4RRG-8XG6

creationtimestamp| type| source ---|---|--- 2026-05-20 16:56:46+00:00| seen| https://bsky.app/profile/Whiskeyomega.cupoftea.social.ap.brid.gy/post/3mmceqyeaiq72...

CVE-2026-26028

creationtimestamp| type| source ---|---|--- 2026-05-20 15:52:46+00:00| published-proof-of-concept| https://github.com/cryptpad/cryptpad/security/advisories/GHSA-g2g4-47gv-p72v...

CVE-2026-35672

creationtimestamp| type| source ---|---|--- 2026-05-20 15:46:42+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-gp95-j463-vv28...

CVE-2026-35671

creationtimestamp| type| source ---|---|--- 2026-05-20 15:46:17+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-xvp4-phqj-cjr3...

CVE-2026-35676

creationtimestamp| type| source ---|---|--- 2026-05-20 15:45:53+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-9qv9-8xv6-5p35 2026-05-28 17:34:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwklaw3se2c...

Setup PHP: GitHub tokens configured by setup-php may be exposed through pinned affected Composer versions

Impact This affects only workflows that pin an exact affected Composer semver version through setup-php, for example tools: composer:2.9.7. Workflows using the default Composer version, composer:v2, or no pinned Composer version are not affected through setup-php, because those Composer URLs have...

GHSA-5WXR-W449-57CM Setup PHP: GitHub tokens configured by setup-php may be exposed through pinned affected Composer versions

Impact This affects only workflows that pin an exact affected Composer semver version through setup-php, for example tools: composer:2.9.7. Workflows using the default Composer version, composer:v2, or no pinned Composer version are not affected through setup-php, because those Composer URLs have...

GHSA-PQWM-Q9PV-PH8R Setup PHP: Command Injection in Repository-Derived PHP Version Resolution

Summary A command injection vulnerability was identified in shivammathur/setup-php when the action resolves the PHP version from repository-controlled files and uses that value while generating the platform setup script. In affected versions, setup-php may read the PHP version from: - .php-versio...

Command Injection

Overview setup-php is a Setup PHP for use with GitHub Actions Affected versions of this package are vulnerable to Command Injection via the process that resolves PHP version from repository-controlled files such as .php-version, composer.lock, or composer.json and incorporates the value into the...

GHSA-6X5C-84VM-5J56

creationtimestamp| type| source ---|---|--- 2026-05-20 14:58:37+00:00| seen| https://gist.github.com/Atomics-hub/546bf5d8d27b37858eec964a75f37206...

GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000...

CVE-2026-47668

creationtimestamp| type| source ---|---|--- 2026-05-20 13:24:13+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-47668.yaml 2026-05-24 22:22:53+00:00| seen| https://t.me/realcodeb0ss/433 2026-05-26 15:00:05+00:00| seen|...

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control C2 or C&C communications. Webworm, first publicly documented by Broadcom-owned Symantec ...

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact to customer...

ROOT-APP-GOBINARY-CVE-2026-34986 CVE-2026-34986 in rootio-github.com/go-jose/go-jose/v4 - Patched by Root

Root has patched CVE-2026-34986 in the rootio-github.com/go-jose/go-jose/v4 package for Root:Go. Multiple fixed versions available...