Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization’s private repositories, researchers at Noma Security have shown.

The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organization has given the agent read access across its repositories, private ones

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Attack Update: Top 5 Attack-IPs auf doode.info – 05.07.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 89.167.35.212 — 703 requests (recent log) 213.209.159.175 — 263 requests (recent log) 216.244.66.232 — 153 requests (recent

AI is code – and can’t be prompted into being smarter

AI is code – and can’t be prompted into being smarter Source: Hacker News

Show HN: We post-trained a model that pen tests instead of refusing

Show HN: We post-trained a model that pen tests instead of refusing Source: Hacker News