One-Click Attack on VS Code Steals GitHub OAuth Token

In Brief: A one-click attack on VS Code enables attackers to steal complete GitHub OAuth tokens with read and write access to private repositories.

Security researchers have disclosed a one-click attack via Microsoft Visual Studio Code that allows attackers to steal GitHub OAuth tokens with read and write access. The attack works through GitHub.dev and requires only a click on a malicious link.

Security researcher Ammar Askar has demonstrated a critical vulnerability in the GitHub.dev integration in VS Code. With a simple click on a manipulated link, an attacker can hijack a developer’s GitHub OAuth token — including access credentials for private repositories.

The attack exploits GitHub.dev, a web-based development environment that runs directly in the browser and uses GitHub authentication. Through the integration in VS Code, a malicious link can cause the token to be transmitted to the attacker without the user noticing.

For CISOs, this is an immediate and actionable risk: a stolen GitHub token with read and write access lets attackers inject code into private repositories, extract secrets, or mount supply-chain attacks. The vulnerability shows how OAuth flows in developer tools can be exposed to social engineering, and it underscores the need for technical controls such as token rotation, granular permissions, and monitoring of GitHub token usage.

Source: thehackernews.com · Published 3 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.2.9.