New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
CSOonline

Failure to verify OAuth tokens enables account takeover on websites

Report shows the importance of ensuring OAuth implementation is secure to protect against identity theft, financial fraud, and access to personal information ...
VentureBeat

Hackers use stolen OAuth access tokens to breach dozens of organization’s internal systems

Join the event trusted by enterprise leaders for nearly two decades. VB Transform brings together the people building real enterprise AI strategy. Learn more Last week, GitHub Security researchers ...

FBI warns of Kali phishing scam hitting Microsoft OAuth tokens

A new phishing kit is being offered on Telegram allowing even newbie hackers an easy way to grab OAuth tokens.
Homeland Security Today

FBI Warns Phishing Kit is Bypassing Microsoft Multi-Factor Authentication Through OAuth Token Hijacking

The Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (PSA) to warn the public about an emerging ...

FBI alert: Outlook, OneDrive and other Microsoft 365 services targeted by new cyber threat

The FBI is alerting the public to a new cyber threat involving a Phishing‑as‑a‑Service kit known as Kali365, which is ...