From The Register, 18 hours ago
GitHub patches Copilot Chat flaw that could leak secrets
Researcher Omer Mayraz of Legit Security disclosed a critical vulnerability, dubbed CamoLeak, that could be used to trick Copilot Chat into exfiltrating secrets, private source code, and even descriptions of unpublished vulnerabilities from repositories. The flaw was scored 9.6 on the CVSS scale in the disclosure. The root cause is simple. Copilot Chat runs with the permissions of the signed-in user and ingests contextual text that humans might not see.
Information security