GitHub RCE CVE. A semicolon broke GitHub. One character in a push option field, and a security researcher was running code on the backend servers that store private repositories from millions of users and organizations. The git service user that processes every push on those servers has filesystem access to every repository on the node, and that access does not check who the repository belongs to. Private code from banks, hospitals, governments, and individual developers all sits on the same shared infrastructure. The command that got the researcher there is something every developer already runs every day.

Last week at Black Hat Asia in Singapore, a Kaspersky researcher publicly demonstrated PhantomRPC: five separate ways to take any standard Windows service account straight to full SYSTEM access, confirmed working on fully patched Windows Server 2022 and Windows Server 2025. Microsoft already knew. They received the ten-page technical report months ago, called it moderate severity, assigned no CVE, and closed the case. There is no patch.

RPC stands for Remote Procedure Call, and it is the system that Windows services use to send requests to each other directly in the background. When one service needs something from another, it sends a request through RPC. This happens constantly, hundreds of times per minute, completely invisible to whoever is sitting at the machine.

For 21 years, a cyberweapon called fast16 sat completely undetected. This one did not destroy machines or blow things up. It corrupted the math. Scientists running nuclear and engineering simulations got output that looked completely normal, every number added up, every result made sense, and all of it was deliberately wrong. It surfaced last week. It predates Stuxnet by five years.

SentinelOne researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade presented the full analysis of fast16 at Black Hat Asia last week. Fast16’s core binary has a compilation timestamp of August 30, 2005. Stuxnet’s C&C infrastructure was set up in November that same year.

Bing had a CVSS 10.0 vulnerability in its backend infrastructure, the same infrastructure that powers Edge, Windows Search, and Copilot integrations across Microsoft’s ecosystem. Microsoft fixed it on March 10 without saying a word publicly. The CVE showed up six weeks later, on April 23. Nobody outside the company knew this had been sitting in the infrastructure that hundreds of millions of people use every day.

The CVE number is 2026-33819. The vulnerability class is deserialization of untrusted data, and the idea behind it is simpler than it sounds.

Bitwarden’s CLI was backdoored and pushed to npm on April 22, 2026. It was live for 93 minutes. Every developer who installed it during that window has to treat their entire machine as compromised. GitHub tokens, SSH keys, AWS credentials, cloud secrets. All of it.

If you followed the Shai-Hulud story back in November 2025, this will sound familiar. That attack spread through npm and hit packages from Zapier, Postman, PostHog, and hundreds of others. 132 million monthly downloads affected. Stolen credentials dumped into public GitHub repositories for anyone to find. This new attack names itself Shai-Hulud: The Third Coming, after the giant sandworms from Frank Herbert’s Dune. The irony is that this third wave specifically targets AI tools.

A group of attackers has been quietly poisoning Python packages for five weeks straight. They have exfiltrated data from over 500,000 infected machines, hit more than 1,000 organizations, and confirmed victims include Aqua Security, Checkmarx, and government infrastructure including the European Commission’s AWS environment. Yesterday they struck again. This time the target was Xinference, an open-source framework used by developers to run AI models locally. Versions 2.6.0, 2.6.1, and 2.6.2 were compromised and have since been pulled from PyPI. If you installed or updated Xinference in the last 24 hours without pinning your version, you need to act now.

The security fix Microsoft shipped in 2010 to stop attackers from decrypting ASP.NET traffic and forging authentication cookies just got quietly broken by a regression in .NET 10. Microsoft.AspNetCore.DataProtection 10.0.6 shipped on April 14, 2026. One week later, on April 21, Microsoft released 10.0.7 out of band with the fix. In those seven days, any Linux or macOS server running 10.0.6 may have handed out real, signed login tokens to attackers, and those tokens still work after the patch unless the key ring is rotated. 😏

The Windows Snipping Tool can hand your Windows password hash to an attacker through a single click on a crafted link, and what the victim sees is the familiar screenshot tool opening on screen the way it always does. It ships with Windows 10, Windows 11 and Windows Server, thirty-one Windows versions affected. Microsoft rates exploitation as unlikely. A working proof of concept with video demonstration went public on GitHub the same day the patch shipped, and the link that pulls off the whole thing fits on a single line of text. 😏

Two unpatched Windows Defender zero-days have been actively exploited since April 16th, and both of them work on fully patched Windows 10, Windows 11, and Server 2019 and later, including machines that installed this month’s Patch Tuesday updates. One of them makes Defender write the attacker’s payload into System32 by itself, then stands back and lets Windows run it as SYSTEM. The other blocks Defender from receiving any new virus definitions and lies to the EDR management console about it, showing green checkmarks on machines that are already fully compromised. 😏

iTerm2, the terminal emulator that ends up on almost every Mac developer’s machine, is vulnerable to a remote code execution attack that occurs when attacker-controlled text is displayed in the terminal, most commonly through reading a file with cat, less, or head. CVE-2026-41253, disclosed on April 17, covers every stable release up through version 3.6.9, which is still the current build on the downloads page because the fix that landed in source on March 31 has not yet shipped in a new release. Researchers at Calif Global turned a plain file-display operation into a full shell as the logged-in user by abusing a legitimate SSH integration feature that iTerm2 trusts by default, without a single click, a single download, or a single signature for any security tool to catch. 😏