The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
XDA Developers on MSN

Terminal agents are replacing VS Code as the center of my development workflow

The agent is doing the actual work, and VS Code is just a window.

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of ...

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...
techtimes

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on Microsoft's official Visual Studio Marketplace for just 18 minutes on May 18 ...
InfoWorld

8 cutting-edge web development tools you don’t want to miss

Eight innovative tools that are reimagining web applications and how we build them. Welcome to the Great Unbloating.
Redmondmag.com

Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...
Dark Reading

Application Security

Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...
SecurityWeek

GlassWorm Botnet Disrupted

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...