Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens.
The post Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise appeared first on SecurityWeek.
Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
Hackers published a malicious scanner release and replaced tags to point to information-stealer malware.
The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.
ForceMemo: Python Repositories Compromised in GlassWorm Aftermath
Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.
The post ForceMemo: Python Repositories Compromised in GlassWorm Aftermath appeared first on SecurityWeek.
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
Attackers can inject malicious instructions in a GitHub Issue that are automatically processed by Copilot when launching a Codespace from that issue.
The post GitHub Issues Abused in Copilot Attack Leading to Repository Takeover appeared first on SecurityWeek.
VS Code Configs Expose GitHub Codespaces to Attacks
VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request.
The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek.
GitHub Copilot Chat Flaw Leaked Data From Private Repositories
Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code.
The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek.
GitHub Boosting Security in Response to NPM Supply Chain Attacks
GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.
The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.
GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets
A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them.
The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.
Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack
The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack.
The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek.
Code Execution Vulnerability Patched in GitHub Enterprise Server
A high-severity vulnerability in GitHub Enterprise Server could have allowed remote attackers to execute arbitrary code.
The post Code Execution Vulnerability Patched in GitHub Enterprise Server appeared first on SecurityWeek.
