VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

IT之家 6 月 3 日消息，安全研究员 Ammar Askar 昨日（6 月 2 日）发布推文，公开了一个概念验证（PoC）漏洞，指出 GitHub 浏览器版 VS Code 存在安全漏洞，用户点击链接后，GitHub OAuth tokens 可能被黑客掌握。 IT之家援引博文介绍，该漏洞受存在于 GitHub 浏览器版 VS Code（github.dev）的 Webview 机制中。Web ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

近日，安全研究员 Ammar Askar 公开了一条利用 VSCode 漏洞一键窃取 GitHub Token 的完整攻击链。攻击者无需密码、无需下载恶意程序，只要诱导用户打开一个特制链接，就有机会获取 GitHub ...

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

A recent Stack Overflow survey found that more than 84% of developers are already using or planning to use AI tools in their workflow. After trying OpenAI Codex for myself, I understand why. Like many ...

Troy baseball has been around since 1911. That’s 115 years. Yet, the Trojans hold a chance to do something Monday they’ve ...

Anthropic releases Claude Opus 4.8 with dynamic workflows, 1,000 parallel subagents, and 3x cheaper fast mode. Here's what ...