Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects
A pair of security vulnerabilities discovered in the GitHub environments of two very popular open source projects from Apache and Google could be used to stealthily modify project source code, steal secrets, and move laterally inside an organization.