<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Github on CuraSec</title><link>https://curasec.metacog.co.kr/tags/github/</link><description>Recent content in Github on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 11:56:34 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/github/index.xml" rel="self" type="application/rss+xml"/><item><title>GitHub RCE CVE-2026-3854 — Public PoC Now Available</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-github-rce-vulnerability-cve-2026-3854-breakdown/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-github-rce-vulnerability-cve-2026-3854-breakdown/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Plan:&lt;/strong> A public PoC exists for this GitHub RCE, raising urgency even though EPSS is 0.24 and KEV is not listed. If running GitHub Enterprise Server, apply available patches now and review CI/CD pipeline logs for anomalous workflow executions.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Plan:&lt;/strong> Public PoC availability makes pre-emptive detection work worthwhile before confirmed active exploitation. Build or tune rules around anomalous GitHub API calls, unexpected workflow triggers, and unusual code execution patterns in CI/CD infrastructure.&lt;/li>
&lt;li>&lt;strong>Leader — Plan:&lt;/strong> GitHub is core infrastructure for most engineering orgs; confirm whether your deployment is GitHub.com or self-hosted Enterprise Server, and request GitHub&amp;rsquo;s remediation status — a public PoC with no KEV listing still warrants a near-term vendor risk check.&lt;/li>
&lt;li>&lt;strong>Signals:&lt;/strong> CVE-2026-3854 — CISA KEV: not listed, EPSS 0.24, public PoC on GitHub&lt;/li>
&lt;/ul></description></item></channel></rss>