The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...
InfoWorld

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...