SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...
The Hacker News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

RoguePilot flaw let GitHub Copilot leak GITHUB_TOKEN, while new studies expose LLM side channels, ShadowLogic backdoors, and promptware risks.
Bleeping Computer

Hackers can use GitHub Codespaces to host and deliver malware

Researchers have demonstrated how threat actors can abuse the GitHub Codespaces' port forwarding' feature to host and distribute malware and malicious scripts. GitHub Codespaces allows developers to ...
CSOonline

How attackers might use GitHub Codespaces to hide malware delivery

A feature that allows developers to make applications accessible by a public GitHub URL could enable attackers to deliver malware and avoid detection. Attackers could start abusing GitHub Codespaces, ...
GIGAZINE

Pointed out that GitHub's cloud development environment 'Codespace' can be exploited as a malware distribution server

Trend Micro points out that malware can be hosted and distributed using `` Codespaces '', a free cloud development environment that can be accessed from a browser provided by GitHub. Codespaces is a ...
ZDNet

Microsoft: New VS Code update is out – plus here's what GitHub Codespaces will cost

Microsoft has released a new update of its Visual Studio Code (VS Code) code editor for Windows, Windows on Arm, macOS and Linux. The latest update brings VS Code to version 1.51, which contains fixes ...