Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot
Lasso extracted a list of repositories that were public at any point in 2024 and identified the repositories that had since been deleted or set to private. Using Bing’s caching mechanism, the company ...
These fake GitHub "security alerts" could actually let hackers hijack your account
Security researchers spot new phishing campaign targeting GitHub users A fake "security alert" GitHub account was notifying users of suspicious logins The links in the notification all point to a ...
Copilot exposes private GitHub pages, some removed by Microsoft
Microsoft’s Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, ...
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used 'tj-actions/changed-files' GitHub Action, used by 23,000 repositories, potentially ...
CPO Magazine7d
Compromise of Popular Tool Leads to Supply Chain Attack on Over 23,000 GitHub Repositories
A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be ...
Thousands of exposed GitHub repos, now private, can still be accessed through Copilot
Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private.