Geeky Gadgets

Why your private GitHub repos may not be as secure as you think

Private and deleted GitHub repositories are not as secure as users might assume. Data from deleted forks, deleted repositories, and private repositories can still be accessed, often indefinitely. This ...
CSOonline

GitHub Actions attack renders even security-aware orgs vulnerable

Many open-source repositories contain privileged GitHub Actions workflows that execute untrusted code and can be triggered by attackers to expose credentials and access tokens, as MITRE and Splunk ...
GIGAZINE

It's by design that anyone can access deleted or private repositories on GitHub.

GitHub allows anyone to access forks and repositories that have been deleted or set to private, and this behavior is by design and not a flaw, open source security firm Truffle Security said in a blog ...
heise online

Attack via GitHub MCP server: Access to private data

A blog post by AI security company Invariant Labs shows that the official GitHub MCP server (Model Context Protocol) can invite prompt injection attacks. In a proof of concept, an attacker used a ...
Ars Technica

Copilot exposes private GitHub pages, some removed by Microsoft

Microsoft’s Copilot AI assistant is exposing the contents of more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and, ironically, ...
TechCrunch

Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot

Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. Thousands ...
InfoWorld

Thousands of open source projects at risk from hack of GitHub Actions tool

App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was ...