The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
note

[Security Explanation] Can a repository be hijacked with one click? The surprising vulnerability that existed in the browser version of VSCode (github.dev)

Hello! I share information on the basics of IT technology and how to apply it in practice in an easy-to-understand way. In this article, I will explain a shocking vulnerability announced in June 2026 ...
note

JavaScript for Beginners #29 | Let's Build a Weather App

We will build an app that uses a free weather API to display the current weather when a city name is entered. In this lesson, we will use a free weather API called Open-Meteo. There are three reasons ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
GitHub

JavaScript Game Engines

Learn or level up your 1337 gamedev skills and build amazing games together for web, desktop, or mobile using these HTML5 / JavaScript game engines. Phaser is a fun, free and fast 2D game framework ...
GitHub

A simple, lightweight JavaScript API for handling cookies, client-side.

The npm package has a module field pointing to an ES module variant of the library, mainly to provide support for ES module aware bundlers, whereas its browser field points to an UMD module for full ...
Fair Observer

Middle East News

The IRS recognizes Fair Observer as a section 501(c)(3) registered public charity (EIN: 46-4070943), enabling you to claim a tax deduction.