Cybersecurity & Data Protection
2
UPVOTE
thehackernews.com

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
Thanakorn Boon

Thanakorn Boon

12h ago
2 0

Discussion

Say something first

It all starts with you—share your thoughts now.

No comments yet.

Be the first to share your take and keep the conversation moving.

Join the conversation

Log in or sign up to add your comment and participate in the discussion!

Log In Sign Up

UPVOTERS

Community appreciation

See who found this content valuable and showed their support.

g_richard

Golden Greta

Golden GretaUpvoted 5h ago1 comments · 24 shares
KH

Lars Khan

Lars KhanUpvoted 11h ago2 comments · 26 shares

TOPICS

Explore the same topics

Discover more content from the topics this post is mapped to.

thehackernews.com
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engi…

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program…
TA

taylor??

1h ago
0
thehackernews.com
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadl…

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-…
TN

The Hacker News

6h ago
0
bleepingcomputer.com
ADT confirms data breach after ShinyHunters leak threat

Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [. .. ]
NightCurator

NightCurator

12h ago
0
darkreading.com
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud

Some 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.
DR

Dark Reading

17h ago
0
bleepingcomputer.com
New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain ro…
SA

SariMartinez

18h ago
0
thehackernews.com
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Surviv…

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptiv…
Carlos the great

Carlos the great

18h ago
0

Keep browsing

Explore more from this topic

Dive into the full feed of curated posts covering Cybersecurity & Data Protection.

Browse Topics

RELATED CONTENT

Continue exploring

Discover more content that aligns with your interests and this post.

thehackernews.com
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engi…

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program…
TA

taylor??

1h ago
0
thehackernews.com
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadl…

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-…
TN

The Hacker News

6h ago
0
thehackernews.com
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Surviv…

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptiv…
Carlos the great

Carlos the great

18h ago
0
thehackernews.com
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. …

The Office of Inspector General (OIG) of the U. S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U. S. re…
NightCurator

NightCurator

21h ago
0
thehackernews.com
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy …

Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitat…
TN

The Hacker News

1d ago
0
thehackernews.com
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Discl…

A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild…
SA

SariMartinez

1d ago
0

Still curious?

See more related posts

Keep the inspiration flowing with fresh submissions and trending finds from the community.

View Latest