Another bug hunter leaks Microsoft exploits in defiance of company’s handling of ...

Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...
The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
腾讯网

供应链安全攻防升级:恶意软件清除行动与AI误报噪音双重夹击

A:安全专家建议企业采取多项措施:一是在打击行动结束后立即开展快速扫描,检测恶意制品是否死灰复燃;二是建立精细化微隔离边界,限制攻击横向移动的范围;三是重视信噪比问题,避免因误报噪音导致分析师疲劳而遗漏真实攻击。此外,可考虑引入CVE Lite ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.