Recent research has uncovered a significant vulnerability in the GitHub.dev feature integrated with Microsoft Visual Studio Code (VS Code) that enables a one-click attack capable of compromising GitHub OAuth tokens. The flaw lets an attacker gain unauthorized access to a user's repositories, including private ones, simply by enticing the user to click a malicious link. Security researcher Ammar Askar highlighted the severity of the issue, emphasizing that the stolen tokens can facilitate extensive read and write operations on a user's repositories.

For businesses, this vulnerability underscores the importance of robust security practices, particularly around user authentication and access management. Organizations should educate their developers about the risks associated with OAuth tokens and implement measures such as token expiration, strict permissions, and two-factor authentication. As the line between AI, software development, and cybersecurity continues to blur, the incident is a reminder that threats to development platforms keep evolving, and that vigilance and proactive security measures are needed to protect sensitive data and maintain trust in those platforms.

---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/06/one-click-github-dev-attack-lets.html)*