A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in pull requests, attackers could exfiltrate private repository data and control Copilot’s responses, including injecting malicious […] The post GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/github-copilot-flaw/
