// Alert

Microsoft 365 threat report

Security researcher Ammar Askar disclosed a vulnerability in Visual Studio Code's github.dev feature that allows attackers to steal GitHub OAuth tokens via malicious workspace extensions, granting access to public and private repositories. Askar published a proof-of-concept exploit within an hour, bypassing coordinated disclosure due to frustration with Microsoft's vulnerability handling process.

// Get alerts for Microsoft 365