Weak security controls around the use of public GitHub code repositories allowed a contractor for the Cybersecurity and Infrastructure Security Agency (CISA) to accidentally leak private cloud access ...
GitHub's former CEO launches a distributed Git network built for the agentic coding age ...
Former GitHub CEO Thomas Dohmke's startup Entire is rolling out a distributed network for mirroring code repositories, making ...
The issue affects GitHub Agentic Workflows setups that read public input, hold private repo access, and can post output ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. The flaw was reported on ...
Researchers have uncovered a sustained campaign using GitHub's public APIs and ghost accounts to profile enterprise software ...
Research shows signed Git commits can be re-encoded into fresh GitHub Verified hashes without changing files or breaking ...
Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.
Malicious prompters could easily trick GitHub agents into pulling data from private repositories and then leaking the ...