Dossier
Wiz Research
Coverage of Wiz Research in the Nexus archive.
- GitHub says internal repos exfiltrated after poisoned VS Code extension attack
GitHub was compromised due to a malicious Visual Studio Code extension, resulting in the exfiltration of internal repositories. The company is analyzing logs and monitoring for further activity. The incident has raised concerns about the security of private repositories and credentials.
- GitHub rushed to fix a critical vulnerability in less than six hours
GitHub's security team resolved a critical remote code execution vulnerability in under six hours, identified by Wiz Research using AI models. The flaw in GitHub's internal git infrastructure could have allowed attackers to access millions of code repositories, prompting immediate action from the engineering team.