Here’s how a researcher broke into Microsoft VS Code’s GitHub
This month a researcher was awarded a bug bounty of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code. A vulnerability in VS Code’s issue management function and a lack of authentication checks enabled the researcher to obtain push access and write to the repository. […]
Google fixes severe Golang Windows RCE vulnerability
This month Google engineers fixed two vulnerabilities in the Go language (Golang), including a severe RCE flaw and a cryptographic weakness. The RCE vulnerability, tracked as CVE-2021-3115, mainly impacts Windows users of Go running the ‘go get’ command, due to the default behavior of Windows PATH lookups. […]