The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
InfoWorld

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
Bleeping Computer

CISA flags two-year-old Oracle flaw as actively exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched ...
Morning Overview on MSN

Microsoft just rushed patches for two Defender zero-days code-named 'RedSun' and 'UnDefend' — both already being exploited right now on Windows devices

Microsoft pushed emergency patches this week for two zero-day vulnerabilities in Windows Defender, the antivirus software ...