Find notable cyber news and cases, enriched with sources, timelines, and signals.

GitHub Agentic Workflows indirect prompt injection security flaw

Vulnerability
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

GitHub Agentic Workflows has an indirect prompt injection flaw that can let a public issue leak content from private repositories into public comments. The risk is highest when an organization gives the agent broad read access across repos, because attacker-controlled text can steer the agent into exfiltrating data it can already read. In Noma Security's proof of concept, the workflow pulled a private repository's README and posted it publicly, and a one-word change, Additionally, bypassed GitHub's guardrail.

Related Happenings

Single organization's private GitHub repository cloned after confirmed access

Data Leak
H score12 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...

GitHub API enumeration campaign targeting corporate organizations

Campaign
H score17 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...

GitHub npm GAT publish-token mitigation guidance

Advisory/Mitigation
H score25 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...

GitHub actions/checkout blocks fork pull request checkouts by default in privileged workflows

Security Tool/Service
H score11 First: 23.06.2026 17:22 Last: 23.06.2026 17:22 Sources 1

About this happening: GitHub's **actions/checkout** now refuses common **pwn request** patterns by default, cutting the risk of attacker-controlled code execution in privileged **GitHub Actions** workf...

Miasma supply-chain malware activity

Malware Activity
H score34 First: 10.06.2026 23:27 Last: 10.06.2026 23:27 Sources 1

About this happening: The **Miasma** malware activity is enabling **supply-chain compromise** by stealing **build environment** and **cloud credentials**, then using them to poison legitimate packages...

Timeline

  1. 07.07.2026 17:04 2 articles · 2d ago

    Noma Security discloses GitLost prompt injection flaw in GitHub Agentic Workflows

    Initial Disclosure

    Noma Security disclosed GitLost, an indirect prompt injection flaw in GitHub Agentic Workflows that can steer an agent with broad repository read access into copying private repository content into a public issue comment. The proof of concept showed a normal-looking public issue could exfiltrate a private repository's README, and a one-word prefix, "Additionally", was enough to bypass GitHub's guardrail.

    Show sources