
GitHub Issues Exploited for Repository Takeover via Copilot Vulnerability
Tags: Vulnerabilities, AI, Copilot, GitHub, prompt injection, RoguePilot, vulnerability
Attackers can exploit GitHub Issues by injecting malicious instructions that Copilot automatically processes when a user launches a Codespace from the compromised issue. This technique, identified as part of a broader attack vector, enables potential repository takeover by leveraging prompt injection vulnerabilities in GitHub’s AI-powered Copilot feature. No specific CVE IDs, dates, or technical details such as payload structures were disclosed in the report. The attack targets GitHub’s integrated development environment and AI-assisted coding tools, though the exact scope of affected repositories or users remains unspecified. The impact includes unauthorized access or control over repositories through manipulated Copilot interactions.