The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
GitHub

nx-console-vscode-compromised-teampcp-may-2026.md

description A compromised version (v18.95.0) of the Nx Console VS Code extension — with over 2 million installations — was live for approximately 11 minutes on May 18, 2026 before the Nx team pulled ...
GitHub

NxConsole_VSCode_TeamPCP_Detection.kql

// commit on the official nrwl/nx GitHub repository." // The shell command was disguised as a "routine MCP setup task." // The harvested-credential set the extension targeted is the ...
Bleeping Computer

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...
IGN

Every Nintendo Console Tier List

With the reveal of the Switch 2, Nintendo has, at last, finally confirmed the arrival of its latest console. With over 40 years of video game hardware under its belt, we’re very excited to see that it ...