The Hacker News

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Debug flag disabled Microsoft 365 Android token checks, letting untrusted apps access accounts; patches issued May 12 to ...
Dark Reading

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

A disabled security setting meant to protect authentication across Android versions of key apps paved the way for attackers ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.