GitHub

2 articles

supply chainsource codeGitHubcredential abuseremediation

They Validated Your GitHub Tokens. Now They're Cloning Your Repos.

The token-checking campaign we warned about two weeks ago has entered phase two. Attackers are mass-cloning private repositories using stolen PATs. Your source code is walking out the door.

Jun 2, 2026

CVEGitHubSSRFinfrastructure

CVE-2026-9312: GitHub Enterprise Server Has an SSRF. Yes, That GitHub.

An unauthenticated attacker can reach internal services and steal credentials through GitHub Enterprise Server. If GitHub can ship an SSRF, what's hiding in your infrastructure?

May 28, 2026