Trending Topics

One-click VS Code GitHub .dev Exploit Leaks Full GitHub Tokens

A newly disclosed attack against GitHub.dev shows how a single malicious link can give an attacker read and write access to every repository a developer can reach. GitHub.dev is the browser-based version of Visual Studio Code that runs in a sandboxed environment, but it still requires a GitHub OAuth token from GitHub.com to commit code and send pull requests directly in the browser. That token is not scoped to a single repository - it carries broad permissions across every repo the user can access, making it a high-value target.

Security researcher Ammar Askar demonstrated that this token can be stolen with almost no user interaction by abusing how VS Code handles webviews and message passing. The exploit runs malicious JavaScript in an untrusted webview, then simulates keypresses in the main editor to open the Command Palette, install a malicious extension, and intercept the OAuth token when GitHub.com posts it into the GitHub.dev session. Once the token is exfiltrated, the attacker can quietly enumerate and access all of the victim's private repositories via the GitHub API.

The attack is aided by a VS Code feature called local workspace extensions, which allows an extension to be installed directly from a .vscode/extensions folder in the workspace without triggering the trusted publisher dialog. By defining extra keybindings in the extension's package.json, the exploit can invoke internal commands - including installing the attacker's own extension while skipping publisher trust checks - without any visible prompt to the user.

All of this flows from a single click on a crafted link that opens a booby-trapped workspace in the victim's browser.

Microsoft has confirmed the issue does not affect the desktop version of VS Code and is specific to the GitHub.dev web environment. GitHub was notified on June 2, 2026, and details were published shortly after, prompting Microsoft to acknowledge the bug and begin work on a fix.

Until a patch lands, developers should treat untrusted repositories and workspaces with caution, be skeptical of links that open GitHub.dev directly, and avoid running unknown extensions or workspace content in the browser.

HTTP/2 Bomb CVE-2026-49975 Lets One Client Exhaust 32GB of Server RAM in Seconds

Researchers in California have detailed a zero-day-style attack called the HTTP/2 Bomb that affects NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora when configured to use HTTP/2. The exploit chains two familiar concepts - a compression bomb and a Slowloris-style hold - into a novel attack against HPACK, the header compression scheme used by HTTP/2.

By sending tiny header references over the wire, the attacker forces the server to allocate large amounts of memory for each request, then uses a zero-byte flow control window to prevent that memory from ever being freed. The amplification is what makes this particularly dangerous. Instead of stuffing a large header value into the compression table - which servers now limit - the attack seeds the table with one header and emits thousands of one-byte indexed references. Each reference costs the attacker one byte but forces the server to allocate tens to thousands of bytes depending on the implementation.

In testing, a single home computer on a 100 Mbps connection could render a vulnerable server unavailable in seconds. One client consumed and pinned roughly 32 GB of memory on Apache HTTPD or Envoy in approximately 20 seconds.

The issue is cataloged as CVE-2026-49975 and has prompted urgent mitigations across affected projects. NGINX has added a max_headers directive in version 1.29.8 and recommends disabling HTTP/2 if upgrading is not immediately possible. Apache has fixed the problem in mod_http2 v2.0.41 and suggests falling back to HTTP/1.1 on older deployments. Microsoft IIS, Envoy, and Cloudflare Pingora do not yet have patches, so administrators are advised to disable HTTP/2 where feasible or place a protective proxy in front that enforces a hard cap on the number of headers per request.

If you are running public-facing web services, now is the time to audit your HTTP/2 settings, cap header counts and decoded size where your stack supports it, and be prepared to temporarily disable HTTP/2 on high-value endpoints until vendor fixes are fully deployed.

Error 524 Decoy Hides Industrial-Scale Smishing and Credit Card Theft

Researchers at Group-IB have uncovered a smishing-driven Phishing-as-a-Service operation active since the second half of 2025, impersonating more than 260 brands across 72 countries and spinning up at least 4,389 phishing domains. The kits are tuned for mobile users and lean heavily on telecom, banking, government, and rewards program lures in regions like Mexico, Chile, and Colombia, where weak SMS anti-spoofing controls and mobile-first usage patterns yield high returns for attackers.

Victims are funneled in through urgent SMS messages with shortened links, then walked through a multi-step flow that collects a national ID number first, then full personal details, and finally complete payment card data including the number, expiry date, and CVV.

What sets this campaign apart is its layered anti-analysis design built around fake Cloudflare error pages - specifically the familiar Error 524 timeout screen. If a visit originates from the wrong country, a non-mobile device, or fails other fingerprint checks, the kit serves only a convincing error page that looks like a broken site. For victims who pass the filters, the page silently loads a Base64-encoded Vue.js single-page application, communicates with a backend over JSON APIs, and opens an encrypted WebSocket channel where binary messages carry stolen identity and card data out in real time. Heartbeat pings track how long each victim stays on the page.

The infrastructure reflects industrial-scale operations. Operators use Cloudflare as a front, with many origin servers on Tencent Cloud and Alibaba US infrastructure alongside other bullet-resistant hosts, making attribution and takedowns harder. Domains follow a clear bulk-registration pattern - cheap TLDs like .ink, .top, .bond, and .cyou paired with brand-mimicking names such as rewards-brand-cl[.]ink or puntos-brand-mx[.]bond, often registered sequentially to keep the operation running as individual sites are reported.

Group-IB maps the tradecraft directly to MITRE ATT&CK techniques, from smishing links and obfuscated SPA payloads to WebSocket-based exfiltration and Cloudflare fronting. Recommended defenses include digital risk protection platforms, brand impersonation monitoring, and user education that explicitly addresses SMS reward and delivery scams - the lures this operation relies on most heavily.

Fortinet Edge Flaws Meet AI-Generated Tooling in Global FortiGate Intrusion Spree

According to Amazon Threat Intelligence, a Russian-speaking, financially motivated actor leveraged multiple commercial generative AI services to scan the internet for FortiGate management interfaces on ports 443, 8443, 10443, and 4443, then systematically tested common or reused credentials wherever MFA was absent. Once inside, they pulled full FortiGate configuration files - which typically contain SSL VPN user credentials, admin logins, IPsec VPN details, and a clear map of network topology - giving them everything needed to walk in through the VPN without burning a single exploit.

The same AI services helped the actor write Python and Go tools to decrypt, parse, and organize stolen data, and to automate VPN logins, scanning, and lateral movement at a scale that would normally require a larger and more skilled team.

Inside victim environments, the actor behaved like a typical pre-ransomware crew - but with AI-generated playbooks in hand. They deployed a custom reconnaissance framework that ingested VPN routes, grouped networks by size, ran port scans with gogo, and fed web services into Nuclei for vulnerability probing, automatically flagging domain controllers, SMB servers, and high-value assets. For post-exploitation, they planned Meterpreter and Mimikatz DCSync operations to dump Active Directory credential databases, followed by pass-the-hash and pass-the-ticket lateral movement, with explicit targeting of Veeam Backup and Replication servers to steal backup credentials and potentially destroy recovery paths before a ransomware strike.

The campaign succeeded because basic perimeter hygiene was missing - and AI made it trivial for a relatively unsophisticated actor to industrialize known techniques. Operational notes recovered by Amazon show the attacker repeatedly failing when they hit patched services, closed ports, or non-standard configurations, then simply moving on to softer targets rather than innovating. That pattern underscores an important point: AI is acting as a force multiplier on scale and speed, not raw skill.

Defenders can close the door on this class of intrusion by addressing fundamentals. Remove FortiGate management interfaces from direct internet exposure, enforce MFA, rotate all VPN and admin credentials, audit configurations for rogue accounts, and monitor for signs of domain replication abuse, suspicious VPN-sourced lateral movement, and anomalous access to backup infrastructure.

China-linked TA4922 Pivots to the UK and Europe with SilentRunLoader and AI-built Malware

Researchers at Proofpoint have observed TA4922, historically active against organizations in Japan, Taiwan, Korea, Singapore, and India, shifting its focus to targets in the UK, Germany, Italy, and South Africa. For UK organizations, the lures are crafted to resemble routine government or business traffic, including emails that imitate tax authorities and reference VAT filings, payroll tax documents, benefits notices, invoices, and regulatory compliance requests. Because these topics mirror everyday processes that finance and HR teams already handle, phishing messages are more likely to slip past suspicion and prompt users to open attachments, click links, or continue the conversation outside email.

Behind these campaigns sits an upgraded malware toolkit. TA4922 is now deploying ValleyRAT (also known as Winos4.0), Atlas RAT, RomulusLoader, and the newer SilentRunLoader, with each tool covering roles such as remote access, payload loading, or browser data theft. SilentRunLoader is a Python-based stealer and loader that targets data stored in Google Chrome - saved credentials, cookies, and browsing history - and exfiltrates it to attacker-controlled infrastructure. In one UK tax-themed campaign, it was hosted on MediaFire and delivered via links in phishing emails.

The group also relies on well-established tradecraft to stay hidden once inside a network. TA4922 uses DLL sideloading, where a malicious DLL is loaded by a legitimate executable, allowing a file that appears to be part of a normal document bundle to execute malware while blending into routine scans. They then abuse legitimate remote management tools such as AnyDesk and SyncFuture to maintain access - using software many organizations already deploy for IT support, so their activity resembles normal administration rather than an intrusion.

Proofpoint analysts believe large language models are helping TA4922 iterate faster. Code comments, strings, and unedited placeholder values in newer Python samples suggest that at least some of the malware - including SilentRunLoader - was likely drafted or refined with LLM assistance, enabling a financially motivated actor to produce and modify tools more quickly without nation-state-level engineering resources.

The group's goals align with profit rather than pure espionage, focusing on remote access, data theft, fraud, access resale, and persistence that could underpin monetization over time. This places TA4922 among a growing set of financially motivated actors that mix phishing, commodity RATs, trusted services, and AI-assisted development to scale operations across new geographies.

For organizations in the UK and Europe, administrative-themed messages about tax filings, payroll, benefits, or compliance can no longer be treated as routine by default. These topics need explicit coverage in phishing awareness training, and any links to file hosting services or unexpected requests for document action should be treated with real caution.