{"data":{"id":"509cb200-4fcd-4530-bd6e-6829b326d13c","title":"GitHub Issues Abused in Copilot Attack Leading to Repository Takeover","summary":"Attackers can hide malicious instructions in GitHub Issues (bug reports or comments on a code repository) that GitHub Copilot (an AI coding assistant) automatically processes when a developer launches a Codespace (a cloud-based development environment) from that issue. This can lead to unauthorized takeover of the repository.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.securityweek.com/github-issues-abused-in-copilot-attack-leading-to-repository-takeover/","publishedAt":"2026-02-24T12:26:53.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["GitHub Copilot","GitHub","Microsoft"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}