'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows
The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data from its private repos, too.
Stay informed about the latest Github infosec updates, security breaches, and protection strategies with our comprehensive information security news.
Search across headline titles and summaries.
Background for this topic.
GitHub is a hosted software-development platform built around Git repositories. It supports public and private source-code hosting, change review through pull requests, issue tracking, automated workflows, and package distribution. Its repositories and automation are important security assets because they can contain proprietary code, deployment instructions, credentials, and the components used to build released software.
Material risks include accidentally committing secrets, exposing private repositories through misconfigured permissions, and allowing compromised dependencies or workflow actions to run in trusted build environments. Pull requests from untrusted contributors can also become an execution path when workflows handle them unsafely. Security practice includes least-privilege access, strong authentication, protected branches and required reviews, secret scanning and rapid credential revocation, and auditing workflow permissions. Repository history, dependency metadata, and commit provenance can support vulnerability management and incident investigation, but deleting a leaked secret from the latest file does not remove it from historical commits or existing clones.
Weekly headline count for the current query.
The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data from its private repos, too.
Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.
The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
GitHub confirmed a data breach this week involving the theft of thousands of developer code repositories. One threat actor — TeamPCP — took credit.
The agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."
Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake.
PRT-scan is the second campaign in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration.
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open source artifacts across containers, libraries, agent skills, and GitHub Actions.
Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves.
An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats.
Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot.
GitHub will address weak authentication and overly permissive tokens in the NPM ecosystem, following high-profile threat campaigns like those involving Shai-Hulud malware.
Threat actors are using a large-scale SEO poisoning campaign and fake GitHub repositories to deliver Atomic infostealers to Mac users.
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.
New features to take over smartphones and monitor user activity demonstrate the continued evolution of the malware, which is now being spread on GitHub.
By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply chain attacks targeting interconnected software.