Find notable cyber news and cases, enriched with sources, timelines, and signals.

GitHub Codespaces malicious repository or pull request RCE remote code execution flaw

Vulnerability
First reported
Last updated
Happening score
H score 33
2 unique sources, 2 articles

Summary

Hide ▲

GitHub Codespaces vulnerability RoguePilot can let an attacker abuse GitHub Copilot by planting hidden instructions in a GitHub issue, then opening a Codespace from that issue to trigger silent command execution and leak GITHUB_TOKEN data. Orca Security said the flaw was a case of passive or indirect prompt injection, and Microsoft has since patched it after responsible disclosure. The broader abuse path remains tied to trusted Codespaces workflows, where attacker-controlled content can be processed by the built-in AI assistant without obvious warning.

Related Happenings

AI coding assistants GhostApproval symlink security flaw

Vulnerability
H score22 First: 09.07.2026 07:27 Last: 09.07.2026 07:27 Sources 1

About this happening: A **July 8** disclosure identified **GhostApproval**, a **symlink** flaw in **six AI coding assistants** that can redirect approved writes into **~/.ssh/authorized_keys** or **~/....

Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files

Technical Analysis
H score22 First: 08.07.2026 14:21 Last: 08.07.2026 14:21 Sources 1

About this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...

GitHub Agentic Workflows indirect prompt injection security flaw

Vulnerability
H score27 First: 07.07.2026 17:04 Last: 07.07.2026 17:04 Sources 1

About this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...

Microsoft hit by cyberattack

Incident
H score68 First: 09.06.2026 18:42 Last: 09.06.2026 18:42 Sources 1

About this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...

Claude Code GitHub Action bot trigger bypass security flaw

Vulnerability
H score31 First: 04.06.2026 18:15 Last: 04.06.2026 18:15 Sources 1

About this happening: **Anthropic's Claude Code GitHub Action** had a **trigger-check bypass** that let a malicious **GitHub issue** escalate into **repository takeover** for vulnerable public reposito...

Timeline

  1. 05.02.2026 16:30 2 articles · 5mo ago

    GitHub Codespaces malicious repository and pull request RCE disclosure

    Initial Disclosure

    Orca Security identified three GitHub Codespaces abuse paths that can trigger arbitrary command execution when a user opens a malicious repository or checks out a malicious pull request: .vscode/tasks.json, .vscode/settings.json, and .devcontainer/devcontainer.json. The described abuse can steal GitHub authentication tokens and Codespaces secrets, support lateral movement in GitHub Enterprise environments, and expose hidden organisational data; stolen tokens may also be used with undocumented GitHub APIs to access premium Microsoft Copilot models. Microsoft said the behavior is by design and depends on trusted-repository controls and existing settings to limit abuse.

    Show sources