“works, but it is concisely summarized as a flaw in how github's internal services blindly trust user inputs when processing push requests. push options are an intentional feature of the git protocol designed to send key-value strings to a server. these options are packaged in…”
T1195.001 Compromise Software Dependencies and Development Tools
49%
“six hours, as well as implementing additional hardening measures to prevent similar vulnerabilities from being as impactful in the future, should they manifest. it also confirmed that no attacker had ever carried out the attack on github.com, although it advised ghes customers t…”
T1195.002 Compromise Software Supply Chain
35%
“six hours, as well as implementing additional hardening measures to prevent similar vulnerabilities from being as impactful in the future, should they manifest. it also confirmed that no attacker had ever carried out the attack on github.com, although it advised ghes customers t…”
T1195.002 Compromise Software Supply Chain
34%
“time, reverse-engineering it was seen as too great a task, given the scale of its internal binaries. they used claude code to take a lot of the legwork out of the process, and were able to go from idea to working exploit in less than 48 hours. "by leveraging ai-augmented too…”
T1195 Supply Chain Compromise
31%
“chain compromise - ai recruiting biz mercor says it was 'one of thousands' hit in litellm supply-chain attack - infosec exec sold eight zero-day exploit kits to russia, says doj "as the landscape evolves, these close partnerships with talented hunters and researchers are m…”
Summary
Claude ploughs through months of work in rapid time, helps Wiz researchers nab lucrative award
Wiz researchers are set for a tidy payday thanks to their discovery of a high-severity flaw in GitHub's git infrastructure that handed remote attackers full read/write access to private GitHub repositories using a single command.…