Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.
Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. The campaign unfolded in July ...
The issue affects GitHub Agentic Workflows setups that read public input, hold private repo access, and can post output ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
Millions of enterprise software repositories on GitHub are vulnerable to repojacking, a relatively simple kind of software supply chain attack where a threat actor redirects projects that are ...
Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as "RepoJacking," which could help attackers deploy supply chain attacks impacting a large number of ...
An unknown user going by the handle "Gitloker" is grabbing and wiping clean repositories on GitHub in an apparent effort to extort victims. The campaign, which a researcher at Chilean cybersecurity ...
GitHub breach fears are back after the company confirmed attackers accessed thousands of internal repositories through a poisoned VS Code extension. GitHub says customer repositories were not affected ...
Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results