This week's articles
BigQuery threat model report
A report which identifies 14 BigQuery threat vectors (covering data confidentiality, integrity, and availability) including IAM privilege escalation, data exfiltration via unrestricted egress, schema tampering, cost-based DoS, insider misuse, and service account spoofing.
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Wiz Research discovered CVE-2026-3854 (CVSS 8.7): an unsanitized semicolon injection in GitHub's X-Stat internal header allows any authenticated user to override security fields via git push -o, achieving RCE on GitHub.com and full GHES server compromise.