Blog – Page 78 – Cyber Mike

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue.
The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure.
“Attackers can craft hidden instructions inside a

CarGurus data breach exposes information of 12.4 million accounts

The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. […]

Microsoft adds Copilot data controls to all storage locations

Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel, and PowerPoint documents, regardless of their location. […]

‘Arkanix Stealer’ Malware Disappears Shortly After Debut

Written in C++ and Python, the malware exfiltrates system information, browser data, and steals files.

The post ‘Arkanix Stealer’ Malware Disappears Shortly After Debut appeared first on SecurityWeek.

Identity-First AI Security: Why CISOs Must Add Intent to the Equation

AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. […]

UK fines Reddit $19 million for using children’s data unlawfully

The UK Information Commissioner’s Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards. […]

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Broadcom has patched several vulnerabilities in VMware Aria Operations, including high-severity flaws.

The post VMware Aria Operations Vulnerability Could Allow Remote Code Execution appeared first on SecurityWeek.

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor’s targeting beyond Ukraine and into entities supporting the war-torn nation.
The activity, which targeted an unnamed entity involved in regional

CISO Conversations: Timothy Youngblood; 4x Fortune 500 CISO/CSO

Timothy Youngblood was CISO at Dell, CISO at Kimberley-Clark, VP & CISO at McDonald’s, and SVP, CSO & Product Security Officer at T-Mobile.

The post CISO Conversations: Timothy Youngblood; 4x Fortune 500 CISO/CSO appeared first on SecurityWeek.

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.

The post New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM appeared first on SecurityWeek.

Cyber News