One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens (thehackernews.com)
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token.
"Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said.
GitHub supports a feature called GitHub.dev that runs as
"Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said.
GitHub supports a feature called GitHub.dev that runs as
Comments