SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...
InfoQ

How GitHub Built Sub-Issues into Its Issue Tracking System

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Cory Benfield discusses the evolution of ...
TechRadar

GitHub unveils Copilot-native developer environment

Microsoft-owned developer platform GitHub has launched GitHub Copilot Workspace, a new Copilot-native environment designed to support brainstorming, planning, building, testing and running code, into ...
heise online

Attack via GitHub MCP server: Access to private data

A blog post by AI security company Invariant Labs shows that the official GitHub MCP server (Model Context Protocol) can invite prompt injection attacks. In a proof of concept, an attacker used a ...
Bleeping Computer

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...
InfoWorld

GitHub previews GitHub Copilot Workspace

GitHub is offering a technical preview of GitHub Copilot Workspace, which provides a developer environment based on the GitHub Copilot AI-powered programming assistant. The GitHub Copilot Workspace ...