The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
Memeburn

Hackers Steal 3,800 GitHub Repos Through Fake VS Code Extension

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

A widespread AI-assisted campaign promoting an OpenClaw Docker deployer package is spreading more than 300 Trojanized GitHub packages targeting developers and gamers alike with a data-stealing Trojan.
CSO Online

GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos

Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
TechRepublic

How to add a GitHub repository to VS Code

Learn how to add a GitHub repository to VS Code as well as how to install a handy extension to manage pull requests and issues. Virtual Studio Code, also known as VS Code, is one of the most popular ...