Security Firm Wiz Identifies GitHub RCE Vulnerability; North Korean AI-Themed Attacks Target Developers

Security firm Wiz identified a remote code execution (RCE) vulnerability in GitHub, though no CVE ID or technical specifics were disclosed. North Korean threat actors are targeting developers with AI-themed social engineering campaigns, leveraging malicious tools disguised as AI projects. The OWASP FinBot CTF, a live capture-the-flag competition focused on financial security, is currently active with no specified end date. The GitHub RCE discovery and DPRK-linked AI attacks were reported on April 30, 2026, with no additional affected systems or mitigation steps detailed. The OWASP event aims to test defensive skills against financial cyber threats but lacks further operational details.