GitHub, Copilot and Microsoft

Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot
Lasso extracted a list of repositories that were public at any point in 2024 and identified the repositories that had since been deleted or set to private. Using Bing’s caching mechanism, the company found more than 20,000 since-private GitHub repositories still had data accessible through Copilot, affecting more than 16,000 organizations.
Copilot exposes private GitHub pages, some removed by Microsoft
Microsoft’s Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, Microsoft.
Thousands of GitHub repositories exposed via Microsoft Copilot
Thousands of private GitHub repositories, some of which possibly contained credentials and other secrets, are being exposed through Microsoft Copilot, the company’s Generative Artificial Intelligence (GenAI) virtual assistant, experts have warned. Cybersecurity researchers from Lasso reported their findings to Microsoft but got a mixed response.
Chatbots are surfacing data from GitHub repositories that are set to private
Popular chatbot services like Copilot and ChatGPT could theoretically be exploited to access GitHub repositories that their owners have set to private. According to Israeli security
Microsoft Copilot continues to expose private GitHub repositories
A recent post alleged that ChatGPT (and, by association, Microsoft Copilot) was capable of accessing data from private GitHub repositories.
Microsoft added GitHub Copilot in Windows Terminal Canary for free
Microsoft included GitHub Copilot for free in Windows Terminal Canary to help coders with their projects. Here's how to get it now.
CoinDesk2d
Hackers Are Using Fake GitHub Code to Steal Your Bitcoin: Kaspersky
The attack starts with seemingly legitimate GitHub projects — like making Telegram bots for managing bitcoin wallets or tools ...
Kaspersky warns of malware-ridden GitHub projects: how hackers are stealing credentials
Cybercriminals are exploiting GitHub to spread credential-stealing malware through fake repositories, cybersecurity firm ...
InfoQ3d
GitHub Copilot Extensions Integrate IDEs with External Services
Now generally available, GitHub Copilot Extensions allow developers to use natural language to query documentation, generate ...
GitHub Copilot automatically checks the code of other members in the project
With the new Copilot review function, GitHub supports the work of development teams by automatically checking code.
GitVenom attacks abuse hundreds of GitHub repos to steal crypto
A malware campaign dubbed GitVenom uses hundreds of GitHub repositories to trick users into downloading info-stealers, remote ...
CoinDesk2d
The Protocol: Ethereum’s Pectra Goes Live on Testnet
Also: Avalanche Visa card launched; EF executive director leaving; hackers using fake GitHub to steal bitcoin.