We achieved Remote Code Execution on GitHub - and got access to millions of repositories belonging to other users and organizations 🤯

All it took was a single `git push`

Here's how we did it (CVE-2026-3854) 🧵⬇️ How do you research GitHub? You start with GitHub Enterprise Server - it shares much of its codebase with , and you can run it locally

We extracted its compiled binaries and used IDA MCP to reconstruct the internal protocols behind every git push 🤖GitHub.com

We found a Remote Code Execution (RCE) vulnerability in @Ollama - one of the most popular AI inference projects on GitHub. Here is everything you need to know about #Probllama (CVE-2024-37032) 🧵👇 The issue is a simple Path Traversal vulnerability which can be exploited by pulling a model from a private registry. By specifying a malicious digest field, it is possible to overwrite any file on the system!

We uploaded a backdoored AI model to @HuggingFace which we could use to potentially access other customers’ data✨

Here is how we did it - and collaborated with Hugging Face to fix it 🧵⬇️ Hugging Face, one of the best-known AI-as-a-Service providers, conveniently lets users interact with the AI models hosted on their platform using their own inference infrastructure. This feature is called Inference API.

We found two 0-day vulnerabilities in @Ubuntu kernel and it all started by reading descriptions of old CVEs 📖
Thread about the discovery of #GameOverlay 🧵👇🏼 Our journey started when our team at @wiz_io read the advisory about CVE-2023-0386, a local privilege escalation in the Linux kernel. The vulnerability exploited OverlayFS to copy SUID files from a nosuid mount to outside directories, enabling privilege escalation to root.