1-Click GitHub Token Stealing via a VSCode Bug
Author: Ammar Askar Published: June 2, 2026 Source: https://blog.ammaraskar.com/github-token-stealing/ Summary A security researcher discovered a critical vulnerability in VSCode’s webview security model that allows an attacker to steal a victim’s GitHub authentication token — which carries full access to all of their repositories — through a single malicious link. The attack targets github.dev, GitHub’s browser-based … Read more