A one-click attack targeting GitHub.dev, the browser-based VS Code environment, allows an attacker to steal a victim’s GitHub OAuth token simply by having them click a crafted link. The stolen token grants full read and write access to both public and private repositories. This is particularly dangerous because it requires no malware installation and exploits a legitimate GitHub feature.

Architect’s Take: Audit OAuth token scopes granted to GitHub.dev within your organisation and consider enforcing fine-grained personal access tokens with minimal repository permissions instead of broad OAuth tokens. Ensure developer awareness training covers the risk of clicking unsolicited GitHub.dev links, and review whether your GitHub organisation policies can restrict OAuth app access.

Original advisory: One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

A one-click attack targeting Microsoft VS Code’s GitHub.dev feature allows an attacker to steal a victim’s GitHub OAuth token simply by tricking them into clicking a crafted link. The stolen token grants read and write access to all repositories the victim can access, including private ones. This poses a significant supply chain risk, as compromised tokens could be used to inject malicious code into codebases.

Architect’s Take: Enforce short-lived, scoped OAuth tokens across your organisation and audit any GitHub Apps or integrations permitted in VS Code. Consider restricting or monitoring use of GitHub.dev in your developer environment policy, and enable GitHub token scanning and push protection to limit the blast radius of any token compromise.

Original advisory: One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

A vulnerability in AWS’s Kiro agentic IDE (versions prior to 0.11) allows remote unauthenticated attackers to write to execution-sensitive files such as .vscode/tasks.json, which can trigger automatic command execution when a folder is opened. The flaw stems from insufficient access control restrictions in the IDE’s file write tool. This is particularly concerning as it can be exploited via crafted instructions, potentially through AI agent interactions.

Architect’s Take: Ensure all developers using Kiro IDE have updated to version 0.11 or later immediately, and consider enforcing this via endpoint management tooling. Review developer workstation security policies to restrict auto-execution behaviours in IDE environments, particularly for AI-assisted or agentic tooling.

Original advisory: CVE-2026-10591 - Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths