VulnerabilitiesJun 3, 2026
RT @DarkWebInformer: 🚨 A security researcher has just disclosed a one-click GitHub token-stealin...
Security researcher discloses one-click GitHub token-stealing exploit abusing VS Code vulnerability.
Summary
A security researcher has disclosed a one-click exploit that steals GitHub tokens by abusing a vulnerability in VS Code. The vulnerability allows attackers to extract authentication credentials through a single interaction, potentially compromising developer accounts and access to repositories. This poses a significant supply-chain risk as stolen tokens could be leveraged for unauthorized code access or malicious repository modifications.
Indicators of Compromise
- malware — GitHub token stealer
Entities
VS Code (product)GitHub (product)GitHub Tokens (technology)