New GitHub Zero-Day Exposed Developer Tokens to Attackers
ID: 2be5320f-2351-5a64-8a75-fa3b91dc240a
STIX ID: report--2be5320f-2351-5a64-8a75-fa3b91dc240a
Feed Name: TechRepublic Security
Threat Score
**Executive Summary:** A zero-day in github.dev's browser-based VSCode webview allowed a malicious repository to load an extension that escaped the webview sandbox and stole GitHub OAuth tokens, potentially granting attackers read and write access to developers' repositories; Microsoft introduced mitigations on June 3 after disclosure.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
