Critical GitHub Vulnerability Patched in Under Six Hours
GitHub has confirmed that its internal git infrastructure was compromised by an attacker who could access millions of public and private code repositories due to a remote code execution vulnerability. Wiz Research, a cybersecurity firm, used AI models to discover the vulnerability in less than 24 hours. According to Alexis Wales, GitHub’s chief information security officer, the company’s security team validated the bug bounty report within 40 minutes and then reproduced the issue internally to confirm its severity. Following this discovery, GitHub’s engineering team rapidly developed a fix, which was deployed just under six hours later.