A critical security vulnerability in Visual Studio Code’s webview implementation allows attackers to steal GitHub OAuth tokens granting full read/write access to all of a victim’s repositories, including private ones with nothing more than a single malicious link click. The bug was publicly disclosed on June 2, 2026, by security researcher Ammar Askar, who chose […]
The post 1-Click GitHub Flaw Allows Attackers to Steal OAuth Access Tokens appeared first on Cyber Security News.