VS Code github.dev zero-day exposed full GitHub OAuth tokens in one click
Researcher Ammar Askar dropped a webview-postMessage exploit on June 2 that steals github.dev OAuth tokens via a single click. Microsoft shipped a stopgap fix the next day.
Stories tagged: #microsoft
Windows Netlogon RCE CVE-2026-41089 now exploited in the wild
Belgium's CCB confirms active exploitation of the CVSS 9.8 Netlogon stack-overflow patched by Microsoft in May. Unauthenticated, no user interaction, domain controller takeover.