The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
CSOonline

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
GitHub

Why Nx Console is removed form VSCode Marketplace ? #3139

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...
GitHub

Security: minimumReleaseAge setting for mitigating supply chain attacks on extensions #316867

Note that we also need a way to temporarily bypass the age constraint for a specific extension. Other ecosystems don't really have a good solution for this yet, and it remains an ongoing concern when ...