Find notable cyber news and cases, enriched with sources, timelines, and signals.

GitHub Copilot chat disables image rendering to block CamoLeak exfiltration

Security Tool/Service
First reported
Last updated
Happening score
H score 11
1 unique sources, 1 articles

Summary

Hide ▲

GitHub Copilot chat has disabled all image rendering to block the CamoLeak image-based exfiltration path, reducing the risk that prompt-injected instructions can leak sensitive data through rendered pixels. The mitigation matters because the technique was designed to bypass the Camo proxy and selectively expose passwords, private keys, tokens, and credentials. GitHub says the change has been in place since August.

Related Happenings

Anthropic Claude Code GitHub Action bypass fix (v1.0.94)

Security Patch Release
H score43 First: 04.06.2026 18:15 Last: 04.06.2026 18:15 Sources 1

About this happening: Anthropic shipped **claude-code-action v1.0.94** to close a **trigger-check bypass** in **Claude Code GitHub Action**, reducing takeover risk for **public repositories** that run...

Claude Code GitHub Action bot trigger bypass security flaw

Vulnerability
H score31 First: 04.06.2026 18:15 Last: 04.06.2026 18:15 Sources 1

About this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...

GitHub git push RCE (CVE-2026-3854)

Vulnerability
H score27 First: 29.04.2026 15:41 Last: 29.04.2026 15:41 Sources 1

About this happening: GitHub patched **CVE-2026-3854**, a critical **remote code execution** flaw affecting **GitHub.com** and **GitHub Enterprise Server** that could expose **millions of private repos...

GitHub CVE-2026-3854 security patch release

Security Patch Release
H score34 First: 29.04.2026 15:41 Last: 29.04.2026 15:41 Sources 1

About this happening: **GitHub** released **security fixes** for **CVE-2026-3854**, patching **GitHub.com** and supported **GitHub Enterprise Server** builds after a critical **remote code execution**...

GitHub Codespaces malicious repository or pull request RCE remote code execution flaw

Vulnerability
H score33 First: 05.02.2026 16:30 Last: 05.02.2026 16:30 Sources 1

About this happening: **GitHub Codespaces** vulnerability **RoguePilot** can let an attacker abuse **GitHub Copilot** by planting hidden instructions in a **GitHub issue**, then opening a Codespace fro...

Timeline

  1. 09.10.2025 22:56 2 articles · 9mo ago

    GitHub disables image rendering in Copilot chat

    Mitigation Patch Update

    GitHub disabled all image rendering in Copilot chat to block the CamoLeak exfiltration path that used hidden pull-request prompt injection and Camo image requests to leak passwords, private keys, tokens, and credentials. GitHub says the control has been in place since August.

    Show sources