New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Security Boulevard

Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign

The post Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign appeared first on Tenable Blog. A self-propagating worm has compromised more than 170 npm and ...
GitHub

ran-codes/code-organizer-vscode

Transform your code files into organized, navigable documents with a table of contents-like structure. Create sections using simple comments, then use VS Code's built-in Outline panel to view and ...
GitHub

Tether your laptop to a remote forward base where Claude Code keeps working.

Moorpost is a CLI + VSCode extension that lets you work locally by default and hand off your Claude Code session to a remote VM with one click when stepping away — laptop sleeps, VM keeps working, you ...