Bleeping Computer

Hackers can use GitHub Codespaces to host and deliver malware

Researchers have demonstrated how threat actors can abuse the GitHub Codespaces' port forwarding' feature to host and distribute malware and malicious scripts. GitHub Codespaces allows developers to ...
CSOonline

How attackers might use GitHub Codespaces to hide malware delivery

A feature that allows developers to make applications accessible by a public GitHub URL could enable attackers to deliver malware and avoid detection. Attackers could start abusing GitHub Codespaces, ...
ITWire

GitHub announces GitHub Codespaces CLI integration and SSH, GitHub Issues, and more

GitHub is holding its annual GitHub Universe conference this week with new features announced adding even more power to the site’s GitHub Actions, GitHub Copilot, and GitHub Codespaces, and ...
腾讯网

GitHub Codespaces存在RoguePilot漏洞,可致GitHub令牌泄露

安全研究人员发现,GitHub Codespaces中存在一个被命名为RoguePilot的严重漏洞,攻击者可以通过在GitHub问题中注入恶意Copilot指令来控制代码仓库。 该人工智能驱动的漏洞由Orca Security安全公司发现并命名为RoguePilot,微软在负责任披露后已经修补了这一漏洞。安全研究 ...
TechRadar

GitHub Codespaces can be hijacked to send out malware

TCP port forwarding woes The problem lies in the fact that Codespaces allows TCP port forwarding, a well-intentioned feature allowing devs to share their work with the public, likely for testing.
The Next Web

GitHub Codespaces lets you code in your browser without any setup

In a major announcement for developers, GitHub has launched Codespaces — a feature that lets you code directly on the web. Think of this as a virtual Integrated Development Environment (IDE) on the ...