The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...