Cloud Solutions

VS Code Zero-Day Lets Hackers Steal GitHub Tokens in One Click

Security researcher Ammar Askar disclosed a critical VS Code zero-day on 2 June 2026 allowing attackers to steal GitHub OAuth tokens from github.dev in one click — granting full read-write access to all repositories. Microsoft patched server-side on 3 June 2026.

by Mohammad Irfan AslamJune 7, 20267 min read