WinBuzzer

VS Code Exploit Can Steal GitHub Tokens via github.dev

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Morning Overview on MSN

GitHub confirms TeamPCP walked off with 3,800 internal repositories — and the gang is auctioning them on a dark-web forum at a minimum price of $50,000

A single browser tab, a single click on “Install,” and a cybercriminal group called TeamPCP was inside GitHub’s own house.
Virtualization Review

How to Create a Free Web Page Using GitHub Pages

Tom Fenton used AI-assisted vibe coding to create and deploy a free, cloud-hosted static web page. GitHub Pages provided a no-cost way to host static HTML content without servers, databases, or paid ...
The Verge

GitHub had a major outage, but now says its services are ‘fully operational’

The issues apparently popped up because of a ‘database infrastructure related change’ that GitHub rolled back. The issues apparently popped up because of a ‘database infrastructure related change’ ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.