// Microsoft 365HIGH
Security researcher Ammar Askar disclosed a vulnerability in Visual Studio Code's github.dev feature that allows attackers to steal GitHub OAuth tokens via malicious workspace extensions, granting access to public and private repositories. Askar published a proof-of-concept exploit within an hour, bypassing coordinated disclosure due to frustration with Microsoft's vulnerability handling process.
// Get alerts for Microsoft 365