Grimm

‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs." The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can. Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept. He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."

Esto está pasando ahora mismo en la plaza de la virgen de Valencia, han llegado los docentes para acampar. Piden máxima difusión y participación. No los dejemos solos. Menudo ejemplo nos están dando. Que no, que no, que no volem mes retallades, en sanitat o educació. Cuando lo dábamos todo por perdido, muchos resignados ante un DESGOBIERNO ultra de PP y Vox, ha llegado la inteligencia para darnos una lección a todos. Mil vegades gràcies.

This story gets so much worse. Apparently this all started because police were called out for a disturbance after her husband broke their tv out of anger after finding out his brother was killed by Israel in Gaza. The husband is Palestinian. When the police were taking him into custody his wife stopped them because she wanted to accompany him and that is when the officer threw her on the ground for “interference.” The couple was cooperative with the police the entire time and yet this is how they were treated. She delivered the baby prematurely because of the physical trauma on her body but thankfully both she and the baby survived and are in good health. She easily could have miscarried. This entire police department should be investigated and that officer should be arrested and charged with aggravated assault.