Multiple Cybersecurity Incidents Reported, Including GitHub Breach and EngineX Vulnerabilities

On May 21, 2026, the SANS Internet Storm Center reported a GitHub breach affecting approximately 3,800 internal repositories, with no evidence of compromise to public or third-party repositories. The incident’s root cause was traced to a developer using a malicious Visual Studio Code extension. Gnostic released an open-source database and API to scan VS Code extensions for malicious activity, urging users to avoid scraping and instead utilize the API. Nebula Security disclosed a remote code execution vulnerability in EngineX called "EngineX pool slip," which bypasses ASLR, with an exploit planned for release 30 days post-patch. A second EngineX vulnerability, affecting configurations with JavaScript modules enabled, was also noted, though no patch timeline was provided. Microsoft issued mitigations for the BitLocker "Yellow Key" bypass, requiring manual PIN entry during reboot to prevent unauthorized disk access. SonicWall warned of active exploitation of a January-patched vulnerability, emphasizing the need for both firmware updates and manual LDAP configuration adjustments.