Utopia Tech
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
SecurityAI-assisted1 min read

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

A critical security vulnerability in Microsoft Visual Studio Code allows attackers to steal GitHub OAuth tokens through a one-click attack. The exploit leverages GitHub.dev functionality and enables unauthorized access to both public and private repositories with read and write permissions.

UT

Utopia Tech

June 3, 2026 · 1 min read

Share

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said. GitHub supports a feature called GitHub.dev that runs as

Originally published at thehackernews.com

#Cybersecurity#GitHub#Malware#OAuth#VS Code#Vulnerabilities
Share
▸ Want a deeper look?

Talk to an architect about applying this to your stack.

60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.

Schedule the call
▸ Continue reading

More from the journal

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
Security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

1 min read

Malicious Notifications Could Trick Google Gemini Users
Security

Malicious Notifications Could Trick Google Gemini Users

1 min read

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Security

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

1 min read

All posts
Skip to main content