The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
note

[Security Explanation] Can a repository be hijacked with one click? The surprising vulnerability that existed in the browser version of VSCode (github.dev)

Hello! I share information on the basics of IT technology and how to apply it in practice in an easy-to-understand way. In this article, I will explain a shocking vulnerability announced in June 2026 ...
note

JavaScript for Beginners #33 | Let's Build a To-Do List ── Add, Delete, and Check Completion

// 1件分のタスク { id: 1, // 識別用のユニークな番号 text: "買い物", // タスクの内容 completed: false // 完了かどうか } // 複数のタスクを配列で管理 [ { id: 1, text: "買い物", completed: false }, { id: 2, text ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
GitHub

Official Sentry SDKs for JavaScript

This is the next line of Sentry JavaScript SDKs, comprised in the @sentry/ namespace. It will provide a more convenient interface and improved consistency between various JavaScript environments. We ...
Fair Observer

The Indian Subcontinent’s Hindu-Muslim Divide

We rely on your support for our independence, diversity and quality. Fair Observer is a 501(c)(3) independent nonprofit. We are not owned by billionaires or controlled by advertisers. We publish ...