CSO Online

GitHub Copilot prompt injection flaw leaked sensitive data from private repos

Hidden comments in pull requests analyzed by Copilot Chat leaked AWS keys from users’ private repositories, demonstrating yet another way prompt injection attacks can unfold.
Infosecurity-magazine.com

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

A recent supply chain attack that compromised the popular tj-actions/changed-files GitHub action has left a trail of digital destruction, affecting 218 GitHub repositories. As investigators dig deeper ...
DataBreachToday

GitHub Copilot Chat Flaw Let Private Code Leak Via Images

A now-patched flaw in GitHub Copilot Chat could have allowed attackers to steal private source code and secrets by embedding ...
SecurityWeek

GitHub Copilot Chat Flaw Leaked Data From Private Repositories

A vulnerability in the GitHub Copilot Chat AI assistant led to sensitive data leakage and full control over Copilot’s ...
Ars Technica

Copilot exposes private GitHub pages, some removed by Microsoft

Microsoft’s Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, ...
Visual Studio Magazine

Building and Deploying a .NET 9 App Using Azure, Bicep and GitHub Actions

.NET 9 and its ASP.NET Core 9 web-dev framework are coming in November with the latest technology and tools for building modern web apps. And these days, that usually means leveraging the cloud and ...