First reported by BackBox.org
GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
By
[email protected] (The Hacker News)
3h agoen
Source
A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones
You might also wanna read
GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data
BackBox.org·4h ago
GitHub Actions workflows identified as common weak link in open source supply chain attacks
This article analyzes a series of high-profile open source supply chain security incidents from the past 18 months, tracing them back to Git
Andrew Nesbitt·2mo ago
GitHub introduces workflow execution protections to control who can trigger Actions
GitHub has introduced Workflow Execution Protections in public preview for GitHub Enterprise, organizations, and repositories. This feature
GitHub Actions' Package Manager Lacks Critical Security Features
The article investigates GitHub Actions' dependency resolution system, revealing it functions as a package manager but lacks critical securi
nesbitt.io·7mo ago

GitHub patches critical remote code execution vulnerability in under six hours after AI-assisted discovery
GitHub patched a critical remote code execution vulnerability in under six hours last month. The flaw, discovered by Wiz Research using AI m
CISA Contractor Leaks AWS GovCloud Keys and Agency Secrets on Public GitHub; Lawmakers Demand Answers
A CISA contractor with administrative access intentionally published AWS GovCloud keys and other sensitive agency secrets on a public GitHub
krebsonsecurity.com·1mo ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.