The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

What the OpenClaw vulnerability reveals about the future of agentic AI security

OpenClaw exposes how autonomous AI agents are reshaping enterprise security risks..
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
thearabianpost

Red Hat npm breach exposes cloud secrets

Attackers have compromised Red Hat’s official @redhat-cloud-services namespace on npm, inserting credential-stealing malware into dozens of package releases used in cloud console development and ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
Appuals

Fix: Bluetooth Disappeared from Device Manager

Bluetooth can disappear from Device Manager on Windows even when the problem started as a missing toggle in Settings. In some ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
GitHub

acs-javascript-calling-library-release-notes.md

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...