News Score: Score the News, Sort the News, Rewrite the Headlines

GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773) · Embrace The Red

This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO mode by modifying the project’s settings.json file. As described a few days ago with Amp, a vulnerability pattern in agents that might be overlooked is that if an agent can write to files and modify its own configuration or update security-relevant settings it can lead to remote code ...

Read more at embracethered.com

© News Score  score the news, sort the news, rewrite the headlines