GitHub Issues Abused in Copilot Attack Leading to Repository Takeover - SecurityWeek
A vulnerability in GitHub Codespaces could have allowed attackers to take over repositories by injecting malicious Copilot instructions into a GitHub issue, a technique dubbed RoguePilot. The attack could have led to the exfiltration of a privileged GITHUB_TOKEN and a full repository takeover. GitHub has since patched the vulnerability.