All articles tagged with #github

Congress Demands Answers as CISA Struggles to Contain Contractor-Linked Data Leak
technology, 2 days ago

Lawmakers from both parties pressed CISA for answers after KrebsOnSecurity reported a contractor publicly posted plaintext credentials and AWS GovCloud keys to a GitHub account, triggering ongoing credential rotation and breach containment. Experts warn that exposed keys could enable access to code, CI/CD pipelines, and sensitive systems. CISA says it is rotating leaked credentials and coordinating with vendors, while lawmakers demand answers about internal policies amid leadership turnover and broader concerns about the agency’s security culture.

AI-Generated Reports, GitHub Chaos, and Linux Vulnerabilities This Week
security, 3 days ago

This week highlights AI’s role in security reporting amid a flood of Linux flaws: Google’s Project Zero exposed a zero-click Pixel 10 exploit chained from a Dolby decoder memory flaw to kernel memory (patched in Feb 2026, 71 days after disclosure); Linus Torvalds praises AI tools but urges verification and fixes for AI-generated bug reports; GitHub discusses AI-generated reports in bug bounties and reports a breach via a compromised VSCode extension; Linux moves to remove zero-copy AF_ALG to curb CopyFail risks; new bugs raise root/DoS/RCE concerns (pid-fd/ssh-keysign-pwn, RDS-pintheft, nginx-rift/nginx-poolslip); Google discloses a Chromium botnet risk tied to JavaScript service workers, with patch timing unclear; and a CISA credential leak in a public GitHub repo underscores the ongoing access risk from exposed tokens.

GitHub breach tied to poisoned VS Code extension hits thousands of internal repos
security, 6 days ago

GitHub confirmed that a poisoned Visual Studio Code extension installed on an employee’s device led to the exfiltration of roughly 3,800 internal repositories; the malicious extension was removed from the VS Code Marketplace and the endpoint isolated, with incident response begun. Current assessment indicates only GitHub’s internal repositories were affected and there is no evidence that customer data outside the affected repos was compromised. The TeamPCP group has claimed access to about 4,000 repos on a cybercrime forum, though attribution remains unsettled. This follows a history of trojanized VS Code extensions used to steal code and credentials.

Public GitHub repo exposed CISA secrets, enabling high-privilege access
security, 6 days ago

Security researchers revealed that a public GitHub repo named Private-CISA had exposed plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets since at least November 2025, potentially enabling high-privilege access to AWS GovCloud. The repo is now offline and was reportedly managed by Nightwing, a CISA contractor, which has not publicly commented. The exposure follows earlier CISA missteps, including a director uploading sensitive docs to ChatGPT.

Microsoft pivots away from Claude Code, bets big on Copilot CLI
tech, 12 days ago

Microsoft is winding down Claude Code licenses and transitioning thousands of its developers to GitHub Copilot CLI by the end of June, as part of a broader move to converge on Copilot CLI across the Experiences + Devices group for cost and integration reasons; Claude Code had been popular but undermined Copilot CLI, and Microsoft will continue to support Claude models via Copilot CLI and OpenAI/Anthropic models while investing in Copilot CLI improvements.

RPCS3 Urges End to AI-Generated PR Floods on GitHub
technology, 16 days ago

RPCS3, the open-source PlayStation 3 emulator, asked its GitHub community to stop submitting AI-generated pull requests, warning that those who do so without disclosure will be banned; the developers said there are plenty of resources to learn debugging and coding rather than producing AI slop that often fails, a sentiment echoed as other projects like Godot Engine deal with similar AI PR floods; RPCS3 has helped make about 70% of the PS3 library playable since 2011.

GitHub patches sweeping RCE flaw that could expose millions of repos
security, 27 days ago

GitHub fixed CVE-2026-3854, a remote code execution flaw that could let attackers gain full read/write access to private repositories with a single crafted git push. Reported by Wiz in March 2026, GitHub reproduced the issue within 40 minutes and deployed a fix on GitHub.com within two hours, with patches issued for GitHub Enterprise Server across supported releases. The vulnerability affected GitHub.com and multiple GHES products; Wiz warned exploitation could have exposed most enterprises’ codebases. GitHub says no customer data was accessed and no exploitation was observed before the patch, though about 88% of reachable GHES instances were still vulnerable at disclosure, prompting administrators to upgrade promptly.

GitHub patches critical AI-discovered RCE in under six hours
technology, 27 days ago

Wiz Research used AI to uncover a critical remote-code-execution vulnerability in GitHub’s internal git infrastructure. GitHub’s security team reproduced the issue within 40 minutes, developed a fix, and deployed it to github.com and GitHub Enterprise Server within about six hours total. No exploitation was found. The flaw was described as remarkably easy to exploit, highlighting the importance of rapid response, and it follows recent outages and reliability concerns at GitHub.

Single Git Push Suffices for GitHub Remote Code Execution (CVE-2026-3854)
technology, 28 days ago

Cybersecurity researchers disclosed a critical vulnerability, CVE-2026-3854, affecting GitHub.com and GitHub Enterprise Server that enables remote code execution via a single git push by injecting crafted push options into internal headers. GitHub patched the issue within two hours and released fixes for multiple GHES versions; at disclosure, about 88% of instances were vulnerable, with the risk including cross-tenant access on shared storage. No evidence of active exploitation was found; users are advised to update to the fixed releases immediately. The flaw highlights how unsanitized input in internal protocol data can create a major multi-service attack surface.

GitHub Copilot adopts usage-based pricing starting June
technology, 28 days ago

GitHub will charge Copilot users based on actual AI usage starting June 1, replacing the current fixed-amount quota with monthly AI Credits equal to a subscriber’s plan. Extra usage beyond credits will be billed by token consumption at model-specific rates, with OpenAI GPT model costs varying by complexity. Simple AI suggestions remain free, but Copilot code reviews will incur GitHub Actions minutes. A preview bill tool will estimate charges before rollout, as GitHub says the shift aligns pricing with actual costs and supports sustainable, reliable service amid rising AI compute demand.

Microsoft’s AI push triggers a sweeping leadership shakeup
tech, 1 month ago

Microsoft is undergoing a sweeping executive exodus as it accelerates its AI strategy, with departures across Teams, security, Gaming, Copilot, Windows and GitHub prompting leadership realignments (e.g., Jacob Andreou taking Copilot lead, Asha Sharma guiding Xbox) and compensation retooling, amid a sliding stock price and intense rival recruitment. The churn also foreshadows broader organizational changes as Amazon and Google push AI initiatives, while product moves—Game Pass price cuts, Xbox mode in Windows 11, and Surface OLED plans—signal a pivot to monetizing AI and services.

GitHub Copilot CLI Goes GA, Expands AI in the Terminal
devops, 1 month ago

GitHub has announced Copilot CLI is generally available, extending AI-assisted development into the terminal. The tool offers a Suggest mode to turn natural-language prompts into shell commands or Git operations, and an Explain mode to break down existing scripts. It has evolved to include agent-like features (Explore, Task) and an Autopilot mode for autonomous, multi-step workflows. GPT-5.4 and Claude 4.5 model options are supported. To use Copilot CLI, you need an active Copilot subscription and the latest GitHub CLI, with support for Bash, Zsh, and PowerShell. GitHub emphasizes reduced context switching and requires explicit review before executing commands to curb hallucinations, signaling a major enterprise-friendly push for AI-powered terminal workflows in DevOps.

Copilot Ads in GitHub PRs Prompt Backlash, Feature Disabled
technology, 1 month ago

Windows Central reports that GitHub Copilot started inserting promotional tips into pull request descriptions, including ads for Copilot and Raycast, a pattern seen in thousands of PRs. After feedback and backlash, GitHub says the behavior has been disabled; the update underscores concerns about AI integrations in code workflows and how training data policies may affect such features.