Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token
Stay informed on the latest in security disclosure practices. Keep your data safe with insights and updates on the newest disclosure trends in cybersecurity.
Search across headline titles and summaries.
Background for this topic.
Disclosure in information security means sharing details about vulnerabilities, breaches, or security incidents. This can be done privately with affected parties, coordinated to allow fixes before public release, or fully public, sometimes before patches exist. The method chosen affects how quickly risks are mitigated and how much attackers might exploit the information.
Proper disclosure helps organizations prioritize patching and reduces the window attackers have to exploit flaws. Poorly timed or incomplete disclosure can expose systems to increased risk, while transparent, coordinated disclosure supports effective vulnerability management and trust between researchers and defenders. Understanding disclosure practices is essential for assessing the urgency and reliability of security news.
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT
Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI