Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-24 12:00 PST
- RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
The Hacker News • 2026-02-24 10:52 • thehackernews.com
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue.
The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure.
“Attackers can craft hidden instructions inside a
https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html
- CarGurus data breach exposes information of 12.4 million accounts
BleepingComputer • 2026-02-24 10:08 • www.bleepingcomputer.com
The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. […]
https://www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/
- Open Redirects: A Forgotten Vulnerability?, (Tue, Feb 24th)
SANS ISC Diary (full) • 2026-02-24 10:04 • isc.sans.edu
In 2010, OWASP added “Unvalidated Redirects and Forwards” to its Top 10 list and merged it into “Sensitive Data Exposure” in 2013 [owasp1] [owasp2]. Open redirects are often overlooked, and their impact is not always well understood. At first, it does not look like a big deal. The user is receiving a 3xx status code and is being redirected to another URL. That target URL should handle all authentication and access control, regardless of where the data originated.
- Microsoft adds Copilot data controls to all storage locations
BleepingComputer • 2026-02-24 09:30 • www.bleepingcomputer.com
Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel, and PowerPoint documents, regardless of their location. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/
- Identity-First AI Security: Why CISOs Must Add Intent to the Equation
BleepingComputer • 2026-02-24 07:02 • www.bleepingcomputer.com
AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. […]
https://www.bleepingcomputer.com/news/security/identity-first-ai-security-why-cisos-must-add-intent-to-the-equation/
- UK fines Reddit $19 million for using children’s data unlawfully
BleepingComputer • 2026-02-24 06:54 • www.bleepingcomputer.com
The UK Information Commissioner’s Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards. […]
https://www.bleepingcomputer.com/news/security/uk-fines-reddit-19-million-for-using-childrens-data-unlawfully/
- UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
The Hacker News • 2026-02-24 06:21 • thehackernews.com
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor’s targeting beyond Ukraine and into entities supporting the war-torn nation.
The activity, which targeted an unnamed entity involved in regional
https://thehackernews.com/2026/02/uac-0050-targets-european-financial.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
