AI & Security | I hack into things sometimes. Opinions are mine. Fortis fortuna adiuvat. Nostalgia is not a strategy. It's a good time to cause a little chaos.
‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs."
The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can.
Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept.
He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."
🚨 Breaking: 31 npm packages from @RedHat have been compromised.
100,000+ weekly downloads affected. The upstream CI/CD pipeline was compromised, with all packages published via GitHub Actions OIDC.
The payload:
⚠️ Reads GitHub Actions runner process memory to extract masked secrets
⚠️ Sweeps credentials across AWS, GCP, Azure, K8s, Vault, and npm
⚠️ Self-propagating worm that republishes backdoored packages using stolen npm tokens, bypassing 2FA
⚠️ Persists on dev machines via Claude Code settings hijack and VS Code task injection
⚠️ Exfiltrates data through GitHub API commits, blending in with normal git operations
We have responsibly disclosed the incident to the maintainers.
Full technical analysis: https://t.co/63nZYH1cMO
❗️ Over 30 official Red Hat npm packages were compromised. How they got in:
- A Red Hat employee's GitHub account was compromised.
- Attackers pushed "orphan commits" (detached from branch history) straight in, bypassing code review with no pull request.
- Payload "Miasma" (Mini Shai-Hulud variant) steals GitHub/cloud/Vault/SSH/npm secrets. Rotate everything since June 1.
- The commits added a workflow (ci.yaml) + script (_index.js) that abused npm trusted publishing, requesting a real OIDC token to publish backdoored versions.
@bohops There are some amazing people in MSRC
When it comes to support and similar, it's been pretty universal that the majority of places are designed in a way that penalizes those who care and do the right thing and rewards those who churn out worthless stats
NEW POD UP!! Microsoft threatens legal action against researchers who drop zero-days. We debate whether it’s a fair line against extortion, or amateur-hour PR from a company that already torched its own research community? Costin plays reluctant defender, JAGS says the damage was done years ago, and Ryan reopens the long history of silent fixes and stolen bounties.
(Presented by @Ent_Security)
Plus, on the 10th anniversary of the Shadow Brokers leak, we discuss some enduring mysteries, theories on attribution, and an interesting trail that leads to Edward Snowden.
@craiu @juanandres_gs @Ent_Security
https://t.co/LTXKDshZ9r
This T-shirt I made for Symantec Vulnerability Research, a program predating Google Project Zero by nearly a decade where we’d discover, report, & disclose vulnerabilities we found in other people’s software, is 20 years old.
Still holds true: Don’t hate the Finder, hate the vuln
I plan to be at @BlackHatEvents and @defcon this year. Who else will be there? I’m looking forward to reconnecting with friends and making new connections.
Let me know.
At @BsidesHbg yesterday I did a talk about how I built a modular asset discovery framework by using open source tooling to help automate my work when handling large engagements.
That tool is called cygor: https://t.co/5weW4QnQr5
MSRC could've said nothing here and the outcome would've been identical. Instead they torched goodwill for zero benefit.
Silver lining: it's pulling attention off Microsoft's AI push. Maybe that was the plan all along.
I wonder if a booth at defcon where we pay researchers for Microsoft zero days with crowd sourced funding and then we release it would fly? Make it a contest and whatnot.
Dropping 0day isn’t the worst thing a researcher can do. It’s not ideal, but at least orgs can take steps to mitigate.
Non-disclosure is far worse.
What drives researchers toward non-disclosure?
Threats from vendors.
Researchers aren’t criminals unless their crime is curiosity.
Speaking of your talents specifically, your ability to distill technical topics into something that’s easily consumable is one of your gifts and you need to capitalize on that. You’ll need to leverage your storytelling to be able to explain the impact of AI-assisted workflows and define what’s the actual impact that these systems are driving. AI can’t do that and the ability to communicate results will be a critical skill.