In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...
Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of ...
The issue affects GitHub Agentic Workflows setups that read public input, hold private repo access, and can post output ...