A security researcher released exploit code for a VS Code zero-day vulnerability that enables attackers to steal GitHub authentication tokens by tricking users into clicking a link. The exploit targets a flaw in VS Code's handling of web links in the editor. Attackers can extract GitHub tokens with minimal user interaction. The vulnerability allows full access to a user's GitHub account. The researcher disclosed the exploit code to improve public awareness. The flaw affects all versions of VS Code prior to version 1.88.0.
VS Code Vulnerability Allows One-Click GitHub Token Theft
Summary by ByteBrief