Storia in 7 fonti

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access repositories.

Raccontata dainfoworld.combleepingcomputer.comilsoftware.itthehackernews.comthenextweb.comsecurityweek.comcryptobriefing.com

Confronto fonti

6 prospettive sulla stessa storia

AI · summaries

securityweek.comStai leggendo21 h fa

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access repositories.

originale

bleepingcomputer.com1 g fa

VS Code zero-day lets hackers steal GitHub tokens in one click

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link.

Leggi questa versione → originale

thehackernews.com1 g fa

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

Leggi questa versione → originale

cryptobriefing.com11 h fa

Microsoft fixes severe VS Code vulnerability enabling GitHub token theft

Microsoft patched a critical VS Code vulnerability on June 3, 2026, after researcher Ammar Askar revealed a one-click attack stealing GitHub OAuth tokens

Leggi questa versione → originale

infoworld.com2 g fa

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its publication they should notify vendors about a bug.

Leggi questa versione → originale

thenextweb.com1 g fa

GitHub.dev flaw lets attackers steal OAuth tokens in one click

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Leggi questa versione → originale

Timeline cronologica

1. mercoledì 3 giugno 2026·infoworld.com
   

   Hole in GitHub’s browser-based VSCode editor could lead to stolen token

   Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its publication they should notify vendors about a bug.

2. mercoledì 3 giugno 2026·bleepingcomputer.com
   

   VS Code zero-day lets hackers steal GitHub tokens in one click

   A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking…

3. mercoledì 3 giugno 2026·ilsoftware.it
   

   Un bug di Visual Studio Code permette il furto dei token GitHub con un clic

   Una vulnerabilità di VS Code consente il furto dei token GitHub tramite github.dev e notebook malevoli. Perché è importante.

4. mercoledì 3 giugno 2026·thehackernews.com
   

   One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

   VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

5. mercoledì 3 giugno 2026·thenextweb.com
   

   GitHub.dev flaw lets attackers steal OAuth tokens in one click

   A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

6. giovedì 4 giugno 2026·securityweek.com
   

   VS Code Vulnerability Allows One-Click GitHub Token Theft

   A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access repositories.

7. giovedì 4 giugno 2026·cryptobriefing.com
   

   Microsoft fixes severe VS Code vulnerability enabling GitHub token theft

   Microsoft patched a critical VS Code vulnerability on June 3, 2026, after researcher Ammar Askar revealed a one-click attack stealing GitHub OAuth tokens