Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Google Disrupts NetNut Residential Proxy Botnet Exploiting 2 Million Devices
July 3, 2026
AsyncRAT Campaign Leverages ScreenConnect to Evade Detection
July 2, 2026
AsyncRAT Campaign Exploits Cloudflare Tunnels and Python for Malware Delivery
July 2, 2026
Home/CyberSecurity News/Critical Flaw in GitHub Copilot Exposes Sensitive Data
CyberSecurity News

Critical Flaw in GitHub Copilot Exposes Sensitive Data

Key Takeaways A high-severity vulnerability, dubbed “CamoLeak” (CVE-2025-59145), was discovered in GitHub Copilot Chat. The flaw enabled silent exfiltration of sensitive data, including...

Emy Elsamnoudy
Emy Elsamnoudy
April 10, 2026 3 Min Read
31 0

Key Takeaways

  • A high-severity vulnerability, dubbed “CamoLeak” (CVE-2025-59145), was discovered in GitHub Copilot Chat.
  • The flaw enabled silent exfiltration of sensitive data, including source code, API keys, and cloud secrets, from private repositories.
  • The attack leveraged hidden markdown comments and GitHub’s Camo image proxy to bypass security controls.
  • GitHub patched the vulnerability in August 2025 by disabling image rendering in Copilot Chat.

A significant security flaw within GitHub Copilot Chat recently came to light, exposing private repository data to potential exfiltration. Identified as “CamoLeak,” this high-severity vulnerability, tracked as CVE-2025-59145, achieved a CVSS score of 9.6, underscoring its critical nature. Threat actors could exploit this weakness to surreptitiously extract sensitive information like source code, API keys, and cloud secrets without executing any malicious code directly.

Table Of Content

  • Key Takeaways
  • The CamoLeak Attack Chain
  • What You Should Do

The disclosure of CamoLeak in October 2025 by a security researcher followed GitHub’s remediation efforts in August 2025. The fix involved disabling image rendering capabilities within Copilot Chat to neutralize the exploit mechanism, highlighting a growing concern regarding the security implications of AI-assisted development tools.

The CamoLeak Attack Chain

GitHub Copilot Chat is designed to assist developers by analyzing pull requests, including their descriptions, associated code, and repository files, leveraging the developer’s existing access permissions. CamoLeak ingeniously weaponized this trusted access by embedding malicious instructions within GitHub’s invisible markdown comment syntax.

These hidden comments remain unseen by human reviewers in the standard web interface, presenting no visible red flags. However, Copilot would process the raw text input, interpreting the concealed prompt as a legitimate command.

The multi-stage attack unfolded through four distinct phases:

  • An attacker would submit a pull request containing carefully crafted, hidden prompt injection instructions within its description.
  • A developer, possessing access to a private repository, would then instruct Copilot to review this pull request, inadvertently feeding the AI the embedded, malicious instructions.
  • The injected prompt would direct Copilot to scan the codebase for specific sensitive data, such as AWS keys, and then encode any findings using base16.
  • Finally, Copilot would embed this encoded data into pre-signed image addresses. These requests would then be sent to the attacker’s server, allowing the reconstruction of the stolen data character by character as the victim’s browser processed the response.

A particularly sophisticated aspect of the CamoLeak exploit was its ability to circumvent GitHub’s Content Security Policy (CSP). Typically, a CSP prevents images from loading from untrusted external hosts, a crucial defense against data leakage. To bypass this, attackers pre-calculated a dictionary of valid, signed addresses for GitHub’s own Camo image proxy.

Each of these specially crafted addresses would point to a transparent 1×1 pixel hosted on the attacker’s server, with each representing a single encoded character of the exfiltrated data. Because the outbound network traffic was routed through GitHub’s trusted infrastructure, it appeared as routine image loading, effectively bypassing standard network egress controls and remaining undetected.

While CamoLeak specifically targeted GitHub, its underlying methodology poses a broader threat to any AI assistant with privileged system access, including tools like Microsoft 365 Copilot or Google Gemini. The principle remains: if untrusted content can influence an AI’s instruction stream, it creates a covert pathway for data exfiltration.

As traditional security monitoring often fails to detect data exfiltration occurring through trusted channels, cybersecurity providers emphasize the need for evolving defenses. They advocate for stopping attacks at the endpoint to disrupt the kill chain. Solutions such as BlackFog’s ADX platform, for instance, concentrate on monitoring outbound device traffic to block sensitive information from leaving, regardless of whether the transfer is initiated by an attacker or an exploited AI proxy.

What You Should Do

  • Ensure all GitHub Copilot Chat instances are updated to versions released after August 2025 to incorporate the patch for CVE-2025-59145.
  • Implement robust code review processes that include scrutiny for unusual or hidden markdown comments, even in seemingly benign pull requests.
  • Educate developers on the risks of prompt injection in AI-assisted development tools and the importance of verifying content, especially from external contributors.
  • Consider deploying endpoint detection and response (EDR) solutions that monitor outbound network traffic for anomalous data exfiltration attempts, even those using trusted channels.
  • Regularly review and update Content Security Policies (CSPs) and other network egress controls to adapt to new bypass techniques.
  • Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

    Tags:

    AttackCVEExploitHackerPatchSecurityThreatVulnerability

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

ProSpy Malware Impersonates Secure Apps in Middle East Espionage

Next Post

HPE Aruba Private 5G Platform Vulnerability Lets Attackers Steal Credentials

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Ousaban Malware Targets Iberian Banks with Phishing PDFs and VBS Downloader
July 2, 2026
Citrix Bleed (CVE-2023-4966) Critical Vulnerability Actively Exploited
July 2, 2026
DHS Confirms Breach of HSIN Information Sharing Network
July 2, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us