The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
TechCrunch

Meet Wander, a StumbleUpon-inspired tool for discovering the ‘small web’

As search becomes increasingly dominated by AI summaries and commercial content, people are experimenting and coming up with ways to make the web feel more human like it used to, building everything ...

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...
BankInfoSecurity

XenoRAT Espionage Campaign Targets Afghan Finance Ministry

A suspected Pakistan-linked cyberespionage group targeted Afghanistan's Ministry of Finance in a spear-phishing campaign ...

Open-source software unlocks rapid DNA structure generation and analysis in one workflow

Computational chemists at the University of Amsterdam's Van 't Hoff Institute for Molecular Sciences have developed a ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.