THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesJun 2, 2026

🚨 A security researcher has just disclosed a one-click GitHub token-stealing exploit that abuses...

Security researcher discloses one-click GitHub token-stealing exploit in VS Code webviews

Read at source

Summary

Ammar Askar has disclosed a critical vulnerability affecting GitHub.dev and VS Code webviews that allows attackers to steal GitHub authentication tokens with a single click. The exploit abuses a bug in VS Code's webview implementation, potentially compromising developer credentials and enabling supply chain attacks.

Entities

Microsoft (vendor)VS Code (product)GitHub (product)Ammar Askar (threat_actor)