DevSecOps

Google Patches Critical CVSS 10 Gemini CLI CI RCE Flaw as Cursor Vulnerabilities Enable Code Execution

Google has resolved a critical security issue with a maximum severity rating that impacted its Gemini CLI ecosystem, a flaw that could have enabled attackers to execute unauthorized commands on affected systems. According to a report published by Novee Security, the vulnerability allowed attackers without privileges to inject malicious configurations into Gemini CLI environments. This manipulation […]


SAP-Linked npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity experts have uncovered a sophisticated supply chain attack targeting SAP-related npm packages, exposing developers and enterprise environments to large-scale credential theft. The campaign, identified as “Mini Shai-Hulud,” has been linked to techniques previously associated with the TeamPCP threat actor group.

Compromised Packages in SAP Ecosystem

The attack impacted several widely used packages within SAP’s JavaScript and


Researchers Uncover Critical GitHub CVE-2026-3854 RCE Vulnerability Exploitable Through a Single Git Push

Security researchers have revealed a high-impact vulnerability affecting GitHub that could enable attackers to execute arbitrary code using nothing more than a single git push command. Tracked as CVE-2026-3854, the flaw carries a CVSS score of 8.7 and impacts both GitHub.com and GitHub Enterprise Server environments.

Nature of the Vulnerability

The issue is classified as a command injection flaw.
