VS Code Vulnerability Allows One-Click GitHub Token Theft
A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance.
A security researcher has disclosed details of a severe Visual Studio Code (VS Code) vulnerability that can be exploited to steal a user’s GitHub token and access their repositories.
The vulnerability in Microsoft’s popular code editor was discovered by Ammar Askar, who decided to make the technical details and a PoC exploit public without notifying the tech giant in advance.
The researcher described a previous “horrible experience” when reporting a VS Code vulnerability, which Microsoft patched silently without giving him any credit.
Source: https://www.securityweek.com/vs-code-vulnerability-allows-one-click-github-token-theft/
