Multiple threat actors are abusing the GitHub API to discover organizations’ repositories and members via ghost accounts.
A critical prompt injection vulnerability in GitHub Agentic Workflows could allow unauthenticated attackers to leak private repository data, ...
The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data ...
AI browsers can be convenient, but they also come with security risks.
The issue affects GitHub Agentic Workflows setups that read public input, hold private repo access, and can post output ...
GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.
With the ability to take control of distributed devices at scale, HalluSquatting has the potential to achieve various ...
Noma Labs tricked GitHub's AI agent into leaking private repositories with a crafted issue. The prompt-injection flaw, GitLost, has no code fix.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results