🚨 BREAKING: Wiz Research discovered Remote Code Execution on https://t.co/SvN2lGsnbO with a single git push
The flaw in @github allowed unauthorized access to millions of repositories belonging to other users and organizations 🤯
The second vulnerability (CVE-2026-21510) bypasses security features such as Microsoft Defender SmartScreen and executes attacker-controlled code that is stored on the attacker's remote server.
An incomplete patch for CVE-2026-21510 (an #APT28 exploit) created a new zero-click vulnerability: CVE-2026-32202.
https://t.co/zkA6AXs2Uo
Ghost Bits is brilliant research: https://t.co/gA5vPZGWf0
Now you can reproduce CVE-2025-41242 in Vulhub, Spring/Jetty Path traversal caused by Ghost Bits: https://t.co/yWmAvEV3cW
This issue exists in spring-boot-starter-jetty <= 3.2.4 with zero configuration