Hole in GitHub’s browser-based VSCode editor could lead to stolen token
CSO Online 04.06.2026 01:40
A vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher.
The issue, revealed this week in a blog post by Ammar Askar, has apparently already been addressed by GitHub owner Microsoft. But it raises questions both about DevOps security and about the researcher’s allegation that, because Microsoft doesn’t take bug discoveries seriously, he is justified in giving it short notice before openly publishing vulnerabilities he finds.
Attackers can take down SolarWinds Web Help Desk
Heise Security 03.06.2026 15:14
Several security vulnerabilities put SolarWinds Web Help Desk at risk. A security patch is available.
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
The Hacker News 03.06.2026 13:47
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases.
Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker News 03.06.2026 12:58
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token.
"Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said.
GitHub supports a feature called GitHub.dev that runs as
Burst Statistics: attacks on critical flaw in popular WordPress plugin
Heise Security 03.06.2026 11:34
Attackers are exploiting a critical vulnerability in the WordPress plugin Burst Statistics. It allows the takeover of affected instances.
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
The Hacker News 03.06.2026 10:18
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker.
Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress.
CVE-2026-33829 refers to a spoofing vulnerability that could expose
Security mechanisms in IBM WebSphere Application Server can be bypassed
Heise Security 03.06.2026 09:45
Important security updates have been released for IBM WebSphere Application Server and Business Automation Workflow.
Lessons from the Canvas cyberattack
CSO Online 03.06.2026 09:00
Canvas cyberattack: Who, what, when, how?
What and when?
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
The Hacker News 03.06.2026 08:33
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.
The vulnerability has been codenamed HTTP/2 Bomb by Calif.
"The vulnerable behavior exists in each server's default HTTP/2 configuration," the company said, adding it was discovered by OpenAI Codex by chaining