SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. A security researcher has disclosed details of a severe Visual Studio Code ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The US cybersecurity agency CISA on Wednesday urged federal agencies to ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...