One click. Full access to every private repository your developer can reach.

Researcher Ammar Askar published a working exploit for a VS Code zero-day on June 2 — after going through Microsoft’s disclosure process and losing confidence in the response timeline. He dropped it publicly. Microsoft patched within 24 hours.

The target: GitHub’s browser-based editor, used for quick edits directly in GitHub without a local install. The attack: a malicious Jupyter notebook file dispatches a hidden keyboard shortcut, silently installs a malicious extension, and extracts the user’s GitHub OAuth token. That token has full read-and-write access to every repository the user can reach, including private ones. Attackers used this to access approximately 3,700 internal GitHub repositories before the fix landed.

The uncomfortable part: nobody reads the HTML source inside a Jupyter notebook before opening it. These files are shared in tutorials, research repos, CI pipelines, and colleague messages. The file looks completely harmless. There’s no second prompt, no browser warning, no indication anything happened.

If you manage developers or a software team, three things to check:

Verify the browser-based GitHub editor reflects the June 3 fix. Browser environments update automatically — but ask your development team whether they’ve seen any unexpected extension installations recently.

Audit CI/CD pipeline access. A leaked GitHub token doesn’t just reach one repository — it can trigger workflows, modify pipeline configurations, and push malicious build artifacts downstream to production.

Review how Jupyter notebook files enter your team’s environment. One misclick on an untrusted notebook is enough. No technical skill required from the victim.
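As a concrete form of that third check, here is an added example (not code from the original post, from the researcher, or from Microsoft) that triages .ipynb files before anyone opens them: it parses the notebook JSON and flags active HTML or JavaScript in markdown cells and in rich code outputs. It assumes the standard nbformat layout (a top-level "cells" list, markdown "source", code "outputs" with a MIME-keyed "data" bundle); the marker patterns are heuristics chosen for this example, and the two embedded notebooks are constructed samples, not real files.

```python
"""Triage helper for Jupyter notebooks: flag active HTML/JS content before a file is opened.

Added example, not from the original post. Assumes the nbformat JSON layout: a top-level
"cells" list, markdown cells with "source", code cells with "outputs", and rich outputs
keyed by MIME type under "data".
"""
import json
import re
import sys

# Heuristic markers of active content inside rendered HTML. Chosen for this example;
# they can false-positive (e.g. the word "one=" in prose) and are a triage signal,
# not proof of malice.
ACTIVE_HTML_PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "iframe_tag": re.compile(r"<\s*iframe\b", re.IGNORECASE),
    "inline_event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "javascript_url": re.compile(r"javascript\s*:", re.IGNORECASE),
    "srcdoc_attribute": re.compile(r"\bsrcdoc\s*=", re.IGNORECASE),
}

# MIME types a notebook front end renders as HTML or executes as script.
RENDERED_HTML_MIMES = ("text/html",)
SCRIPT_MIMES = ("application/javascript", "text/javascript")


def _as_text(value):
    """nbformat stores multi-line text as a list of strings; normalise to one string."""
    if isinstance(value, list):
        return "".join(str(v) for v in value)
    return "" if value is None else str(value)


def _match_patterns(text):
    return [name for name, pat in ACTIVE_HTML_PATTERNS.items() if pat.search(text)]


def scan_notebook(nb):
    """Return findings as (cell_index, location, signal) tuples for one parsed notebook."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        cell_type = cell.get("cell_type")
        if cell_type == "markdown":
            # Markdown cells may carry raw HTML that is rendered as-is.
            for name in _match_patterns(_as_text(cell.get("source"))):
                findings.append((idx, "markdown source", name))
        elif cell_type == "code":
            # Only rich outputs ("display_data"/"execute_result") carry a MIME bundle;
            # "stream" and "error" outputs have no "data" key and are skipped here.
            for out in cell.get("outputs", []):
                for mime, payload in out.get("data", {}).items():
                    if mime in SCRIPT_MIMES:
                        # Any script output is active content by definition; flag it outright.
                        findings.append((idx, f"output {mime}", "javascript_mime"))
                    elif mime in RENDERED_HTML_MIMES:
                        for name in _match_patterns(_as_text(payload)):
                            findings.append((idx, f"output {mime}", name))
    return findings


def scan_notebook_file(path):
    """Load a .ipynb from disk and scan it."""
    with open(path, encoding="utf-8") as fh:
        return scan_notebook(json.load(fh))


# Constructed samples for a stand-alone run; neither is a real notebook from the wild.
BENIGN_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "source": ["# Notes\n", "Plain prose only."]},
        {"cell_type": "code", "source": ["df.head()"], "outputs": [
            {"output_type": "execute_result", "execution_count": 1,
             "data": {"text/plain": ["   a\n0  1"],
                      "text/html": ["<table><tr><th>a</th></tr><tr><td>1</td></tr></table>"]}}]},
    ],
}

SUSPICIOUS_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown",
         "source": ["# Results\n", '<iframe src="https://example.invalid/"></iframe>']},
        {"cell_type": "code", "source": ["display(HTML(html))"], "outputs": [
            {"output_type": "display_data",
             "data": {"text/plain": ["<IPython.core.display.HTML object>"],
                      "text/html": ['<div onload="init()">',
                                    '<script src="https://example.invalid/loader.js"></script></div>']}}]},
        {"cell_type": "code", "source": ["Javascript(js)"], "outputs": [
            {"output_type": "display_data",
             "data": {"application/javascript": ["console.log('constructed sample');"]}}]},
    ],
}

if __name__ == "__main__":
    # Usage: python notebook_triage.py file1.ipynb file2.ipynb ... (or no args for the samples)
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            for cell, where, signal in scan_notebook_file(path):
                print(f"{path}: cell {cell} ({where}): {signal}")
    else:
        for label, nb in (("benign", BENIGN_NOTEBOOK), ("suspicious", SUSPICIOUS_NOTEBOOK)):
            print(label, scan_notebook(nb))
```

A hit is a reason to read the file in a plain text editor (or strip its outputs) before opening it in any notebook front end, not a verdict; a clean result only means none of these specific markers were present.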

This follows a consistent pattern through 2026: developer tooling is the new perimeter. We’ve tracked this arc from malicious VS Code extension attacks in January through AI coding assistant weaponization in May.
