GitHub OAuth Token Theft via VS Code Exploit Resolved by Microsoft
PremiumA single-click payload can exfiltrate GitHub OAuth tokens from vulnerable repos via VS Code workflows.

Loading
§The archiveMon · Wed · FriM · W · F
Every dispatch we've sent. AI-curated, human-reviewed, from 50+ cybersecurity sources.
Follow on LinkedInA single-click payload can exfiltrate GitHub OAuth tokens from vulnerable repos via VS Code workflows.
Attackers could trigger dangerous actions on Google Gemini by poisoned notifications, enabling control over smart devices and calls.
A single code setting bypassed protections exposing billions of Microsoft Android app downloads; immediate review of token/access handling recommended.
Get these articles delivered to your inbox.
Subscribe freeGoogle Android patches address a exploited zero-day plus 123 other flaws; prioritize devices exposed to internet or corporate networks.
Authenticated pull-request variant enables remote code execution. Apply upstream patches and restrict PR flows.
Microsoft SharePoint Server remote code execution vulnerability disclosed and patched as CVE-2026-45659.
Attacker-inserted backdoors via GitHub tags affected numerous Laravel-Lang packages. Audit dependencies and rotate credentials.