1-Click GitHub Token Theft via VSCode Bug — A Developer Security Wake-Up Call
Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read **and write** to your repos — including private ones. This isn't a hypothetical vulnerability or a "theoretical risk" scenario. Security researcher [Ammar Askar](https://blog.ammaraskar.com/github-token-ste…
