Orca has discovered a supply chain attack that abuses a GitHub Issue to take over Copilot when launching a Codespace from that ...
The software development platform GitHub allows users to manage projects by making repositories private, preventing code from being seen by anyone other than those involved. However, an investigation ...
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. While most ...
Copilot has access to private GitHub repositories, researchers found. The repositories were public at some point, and Bing cached them. The caching behavior is "acceptable," says Microsoft. Thousands of ...
Hackers are using unpublished GitHub and GitLab comments to generate phishing links that appear to come from legitimate open source software (OSS) projects. The clever trick, first described by Sergei ...
Security researchers have unveiled a new instance of repojacking that affects millions of GitHub repositories. According to an advisory published last week by Aqua Security Software, the discovered ...