The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Home Assistant: Smartphone apps allow takeover by attackers

The companion apps for Android and iOS create a security vulnerability in Home Assistant. Attackers could take over instances.