Find notable cyber news and cases, enriched with sources, timelines, and signals.

GitHub Code Security adds AI-based scanning for broader vulnerability detection

Security Tool/Service
First reported
Last updated
Happening score
H score 11
1 unique sources, 1 articles

Summary

Hide ▲

GitHub Code Security is adding AI-based scanning to expand vulnerability detection beyond CodeQL, widening coverage across more languages and frameworks in repositories and workflows. The change matters because it aims to catch issues in file types and ecosystems that traditional static analysis has struggled to support.

Related Happenings

Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files

Technical Analysis
H score22 First: 08.07.2026 14:21 Last: 08.07.2026 14:21 Sources 1

About this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...

Mini Shai-Hulud npm supply-chain malware wave

Malware Activity
H score68 First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...

Latest development: 09.06.2026 18:42

On June 5, Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub after concerns about potential malicious content tied to the Miasma/Shai-Hulud supply-chain campaign. The action disrupted continuous integration pipelines and broke workflows that depended on Azure/functions-action, while Microsoft said it temporarily removed some repositories during its investigation.

Shifty Corsair evolves open-source supply-chain tradecraft with fake firms, layered packages, and AI-assisted deception

Threat Actor Meta
H score42 First: 29.04.2026 17:43 Last: 29.04.2026 17:43 Sources 1

About this happening: **Shifty Corsair** has expanded its operating model into a more convincing developer-lure ecosystem, increasing the risk of open-source supply-chain compromise against **Web3** ta...

GitHub CVE-2026-3854 security patch release

Security Patch Release
H score34 First: 29.04.2026 15:41 Last: 29.04.2026 15:41 Sources 1

About this happening: **GitHub** released **security fixes** for **CVE-2026-3854**, patching **GitHub.com** and supported **GitHub Enterprise Server** builds after a critical **remote code execution**...

Prt-scan GitHub pull_request_target supply-chain campaign

Campaign
H score45 First: 07.04.2026 00:38 Last: 07.04.2026 00:38 Sources 1

About this happening: The **prt-scan** campaign used **AI-assisted automation** to scale a broad **GitHub supply-chain** operation, increasing risk for repositories configured with `pull_request_target...

Timeline

  1. 26.03.2026 01:23 2 articles · 3mo ago

    GitHub announces AI-based scanning for Code Security

    Initial Disclosure

    GitHub says Code Security will add AI-based scanning to expand vulnerability detection beyond CodeQL and improve coverage for Shell/Bash, Dockerfiles, Terraform, PHP, and other ecosystems. The hybrid model is expected to enter public preview in early Q2 2026, and internal testing processed over 170,000 findings in 30 days with 80% positive developer feedback, while Copilot Autofix continues to help resolve issues detected through GitHub Code Security.

    Show sources