1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens

A critical security vulnerability in Visual Studio Code’s webview implementation allows attackers to steal GitHub OAuth tokens, including read/write access to private repositories, simply by tricking a victim into clicking a single malicious link. The bug was publicly disclosed on June 2, 2026, by security researcher Ammar Askar, who opted for full disclosure after prior […] The post 1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens appeared first on Cyber Security News.