The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of ...

Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...
The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

微软网页版 VS Code 曝安全漏洞:点击链接就能窃取私有仓库 Tokens

IT之家 6 月 3 日消息,安全研究员 Ammar Askar 昨日(6 月 2 日)发布推文,公开了一个概念验证(PoC)漏洞,指出 GitHub 浏览器版 VS Code 存在安全漏洞,用户点击链接后,GitHub OAuth tokens 可能被黑客掌握。 IT之家援引博文介绍,该漏洞受存在于 GitHub 浏览器版 VS Code(github.dev)的 Webview 机制中。Web ...