The 2026 FIRST TC: Cold Incident Response (13–15 Oct, Oslo) is seeking sponsors to support lunches, refreshments, and the community dinner for ~400 cybersecurity practitioners.
No sponsor booths. No paid talks. Just community. 📩 [email protected]
https://t.co/gEYiM4Vh5f
‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs."
The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can.
Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept.
He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."
Google Threat Intelligence Group is dropping our latest AI Threat Tracker report today, which covers several threats we are watching through a variety of means. The report includes some details of the first 0day exploit we've found developed with AI. 1/x https://t.co/klvOrX31xv
gopacket is live! Check it out, it is intended to be a full reimplementation of Impacket in Go (it is in beta please send me bug reports) https://t.co/9XjTickbyA
Windows defender has been compromised.
right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing
your antivirus doesn't stop it. your antivirus IS the exploit. windows defender is the attack vector
ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have. fully patched windows 11. real time protection on
thread
Introducing Claude Code Security, now in limited research preview.
It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss.
Learn more: https://t.co/n4SZ9EIklG
'The incident began from June 2025. Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain the highly selective targeting observed during the campaign.'
#NotepadPlusPlus #Notepad #Compromised #Cyber #Incident
Excited to disclose my research allowing RCE in Kubernetes
It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and allows for trivial Pod breakout.
Unfortunately, this will NOT be patched.
I have used claudecode the recent days to try to fill a gap in the linux/oss ecosystem. Linmon - inspired by sysmon for Windows I have made a monitoring system for Linux. eBPF based - working on Ubuntu/RHEL/Rocky
https://t.co/dEkbUooJpz
Einstein's General Relativity turns 110 today.
On November 25, 1915, Albert Einstein presented the final form of his gravitational field equations to the Prussian Academy of Sciences in Berlin. It became one of the most important scientific breakthroughs of the 20th century.
⚠️⚠️ CVE-2025-24813 Apache Tomcat as Actively Exploited with 9.8 CVSS
🎯6.7m+ Results are found on the https://t.co/uLIbgJcaq5 nearly year.
🔗FOFA Link: https://t.co/oBNfnCDUeL
FOFA Query:app="APACHE-Tomcat"
🔖Refer: https://t.co/qcmdTAV5Uq
#OSINT #FOFA #CyberSecurity #Vulnerability
My BSides NoVA talk from Saturday was called “10 Ways to Improve Entra ID Security Quickly”. I focused on the areas that tend to be missed in Entra ID. Talk slides are now posted.
Download the slides: https://t.co/ql1vQlyHre