A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Good UX hides its waste. But it doesn't disappear – it ends up in data centers, supply chains, and telemetry databases.