One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Updated on June 3, 2026

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token.

“Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said.

GitHub supports a feature called GitHub.dev that runs as…

Read the rest of the story at Read More

Source: The Hacker News

October 15, 2024 Uncategorized

TrickMo Banking Trojan Can Now Capture A...

October 1, 2024 Uncategorized

New Cryptojacking Attack Targets Docker ...

May 13, 2026 Uncategorized

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Related posts

TrickMo Banking Trojan Can Now Capture A...

New Cryptojacking Attack Targets Docker ...

Microsoft’s MDASH AI System Finds ...

Leave a Comment Cancel reply

Recent News

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content