Bleeping Computer

Hackers can use GitHub Codespaces to host and deliver malware

Researchers have demonstrated how threat actors can abuse the GitHub Codespaces' port forwarding' feature to host and distribute malware and malicious scripts. GitHub Codespaces allows developers to ...
The Hacker News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

RoguePilot flaw let GitHub Copilot leak GITHUB_TOKEN, while new studies expose LLM side channels, ShadowLogic backdoors, and promptware risks.
CSOonline

How attackers might use GitHub Codespaces to hide malware delivery

A feature that allows developers to make applications accessible by a public GitHub URL could enable attackers to deliver malware and avoid detection. Attackers could start abusing GitHub Codespaces, ...