The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...
The Hacker News

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.