The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.