Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process

The security researcher, Ammar Askar, released the new proof-of-concept exploit on his personal blog — alongside the public tracker for issues in VS Code — giving a GitHub security contact roughly one...