New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
InfoWorld

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...
Compare the Cloud

GitHub VSCode extension breach exposes developer toolchain as a primary attack surface

An unauthorised group calling itself TeamPCP accessed GitHub's internal repositories, targeting VSCode extensions used by millions of developers daily. The incident is the latest in a pattern of ...