New Jailbreaks Allow Users to Manipulate GitHub Copilot

Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.

Follow Dark Reading:

January 31, 2025

LATEST SECURITY NEWS & COMMENTARY New Jailbreaks Allow Users to Manipulate GitHub Copilot Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to. Healthcare Sector Charts 2 More Ransomware Attacks No ransomware groups have yet to claim responsibility for either attack, and both institutions have yet to reveal what may have been stolen. Automated Pen Testing Is Improving — Slowly The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications. MORE NEWS / MORE COMMENTARY HOT TOPICS Mirai Variant 'Aquabot' Exploits Mitel Device Flaws Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model. Researchers Uncover Lazarus Group Admin Layer for C2 Servers The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang. The Old Ways of Vendor Risk Management Are No Longer Good Enough Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance. Cryptographic Agility's Legislative Possibilities & Business Benefits Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare. MORE PRODUCTS & RELEASES Omdia Finds Phishing Attacks Top Smartphone Security Concern for Consumers IT-Harvest Launches HarvestIQ.ai Spectral Capital Files Quantum Cybersecurity Patent Automox Releases Endpoint Management With FastAgent MORE PRODUCTS & RELEASES EDITORS' CHOICE Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats. LATEST FROM THE EDGE 7 Tips for Strategically Saying 'No' in Cybersecurity Cybersecurity can't always be "Department of No," but saying yes all the time is not the answer. Here is how to enable innovation gracefully without adding risk to the organization. LATEST FROM DR TECHNOLOGY CrowdStrike Highlights Magnitude of Insider Risk The impetus for CrowdStrike's new professional services came from last year's Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data. LATEST FROM DR GLOBAL Fake Videos of Former First Lady Scam Namibians Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages. WEBINARS Shifting Left: DevSecOps in the Cloud Emerging Technologies and Their Impact on CISO Strategies View More Dark Reading Webinars >> WHITE PAPERS Secure remote access. Simplified. Driving the Future of Work Through Enterprise-Wide SASE 4 Best Practices for Hybrid Security Policy Management Social Engineering: New Tricks, New Threats, New Defenses IDC Analyst Brief: Enhancing Incident Response with Automated Investigation Workflows The State of Asset Security: Uncovering Alarming Gaps & Unexpected Exposures Frost Radar: Cloud Security Posture Management, 2024 View More White Papers >> FEATURED REPORTS Threat Hunting's Evolution: From On-Premises to the Cloud How Enterprises Assess Their Cyber-Risk Effective Asset Management Is Critical to Enterprise Cybersecurity View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2025 | TechTarget, Inc. | Privacy Statement | Terms & Conditions | Contact Us