Morning Overview on MSN

Microsoft patches GitHub’s worst vulnerability in years within two hours of disclosure — no exploitation found

A critical remote code execution flaw in GitHub was patched by Microsoft in roughly two hours after public disclosure, ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal — and don't — about agent runtime protection.
CSOonline

GitHub Copilot prompt injection flaw leaked sensitive data from private repos

Hidden comments in pull requests analyzed by Copilot Chat leaked AWS keys from users’ private repositories, demonstrating yet another way prompt injection attacks can unfold. In a new case that ...
Bleeping Computer

GitHub projects targeted with malicious commits to frame researcher

GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine ...

GitHub and GitHub Enterprise Server: Code smuggling via push

In GitHub and GitHub Enterprise Server, attackers with push rights to repositories can inject malicious code. Updates fix this.