VS Code Flaw Enabled One-Click GitHub Token Theft
A vulnerability in GitHub.dev allowed attackers to steal GitHub OAuth tokens with full repo access via a single malicious link. Microsoft patched the flaw within 24 hours.
8 articles tagged with "Developer Security"
A vulnerability in GitHub.dev allowed attackers to steal GitHub OAuth tokens with full repo access via a single malicious link. Microsoft patched the flaw within 24 hours.
Socket researchers identify 73 malicious VS Code extensions on Open VSX tied to GlassWorm campaign. Six already activated to deliver malware through native binaries and obfuscated JavaScript.
GlassWorm campaign expands across Open VSX, npm, and GitHub with invisible Unicode payloads and Solana-based C2. Developers urged to audit dependencies immediately.
Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.
GlassWorm supply chain attack spreads via 72 Open VSX extensions using invisible Unicode obfuscation. Targets crypto wallets, API tokens, and CI/CD pipelines.
Researchers discovered five packages on crates.io masquerading as time utilities while exfiltrating developer credentials and API keys to attacker infrastructure.
Supply chain attack targets PHP developers via fake Laravel utilities containing encrypted RAT payload. The malware gains full access to database credentials and API keys.
Microsoft uncovers developer-targeting campaign using fake coding assessments to deliver JavaScript backdoors through VS Code automation triggers and Vercel-hosted payloads.