devtake.dev
AI Security Hardware Open Source Policy Apple

#oauth

RSS
Related: #supply-chain · 2 #context-ai · 1 #credential-theft · 1 #data-breach · 1 #dev-tools · 1 #github · 1 #google-workspace · 1 #rce · 1 #security · 1 #shinyhunters · 1
Visual Studio Code logo on a dark background
Security·

VS Code's webview sandbox leaks GitHub tokens that read and write every private repo

A disclosed VS Code zero-day lets one click on a malicious github.dev notebook steal a GitHub OAuth token with full read-write access to every private repo.

Vercel logo displayed on the company's security incident bulletin page
Security·

Vercel got breached through a third-party AI tool's OAuth app. Here's what leaked.

A Context.ai compromise let attackers take over a Vercel employee's Google Workspace. Non-sensitive env vars were exposed, and a ShinyHunters persona is asking $2M.