Latent Space AI News

1-Click GitHub Token Stealing via a VSCode Bug

rank 0 · 0 points · 1 sources · primary Hacker News Front Page

open source

Summary

A bug in VSCode's webview security model allows attackers to steal GitHub tokens with full access to repositories.

Why it matters

High

Topics

devtoolsgithubsecurity

Related coverage

Hacker News Front Page1-Click GitHub Token Stealing via a VSCode Bug6/3/2026, 7:45:32 PM

Post Stream

Flat, source-grounded posts. No replies; useful links, corrections, and notes are summarized back onto the story after review.

Local fixture mode allows posting. Production posting requires Google login and write-rate limits.

No posts have been added to this cluster yet.

Rank history