A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. [...]
VS Code zero-day lets hackers steal GitHub tokens in one click
Summary + source link. No paywalls, no tracking.