RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence AI-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patche...

CVE-2025-62379

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirectto query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service DDoS attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web...

Exploit for CVE-2025-49113

Roundcube RCE Lab CVE-2025-49113 !Open in GitHub Codespac...

Exploit for CVE-2025-49113

Roundcube RCE Lab CVE-2025-49113 !Open in GitHub Codespac...

Exploit for CVE-2025-49113

Roundcube RCE Lab CVE-2025-49113 !Open in GitHub Codespac...

UBUNTU-CVE-2024-52308

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...

Telegram-Nearby-Map - Discover The Location Of Nearby Telegram Users

Telegram Nearby Map uses OpenStreetMap and the official Telegram library to find the position of nearby users. Please note: Telegram's API was updated a while ago to make nearby user distances less precise, preventing exact location calculations. Therefore, Telegram Nearby Map displays users...

New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets

A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. "It has the potential to expand to other platforms as Bandit Stealer was developed using the Go...

Rust-Based Info Stealers Abuse GitHub Codespaces

This is the first part of our security analysis of an information stealer targeting GitHub Codespaces CS that discusses how attackers can abuse these cloud services for a variety of malicious activities...

Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebas...

Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebas...