ctipilot.ch

One-click github.dev OAuth-token theft via synthetic keyboard-event injection into the embedded VS Code editor, fully disclosed with PoC; patched by Microsoft on 3 June 2026

vulnerability-trend · item:github-dev-oauth-token-theft-2026

Coverage timeline: 1 brief, first 2026-06-04 → last 2026-06-04
Briefs: 1 (1 distinct)
Sources cited: 8 (7 hosts)
Sections touched: 1 (research)
Co-occurring entities: 8 (see Related entities below)

Story timeline

  1. 2026-06-04 · CTI Daily Brief — 2026-06-04 · research: first coverage, full disclosure with PoC; unpatched when the researcher published on 2 June, fixed by Microsoft on 3 June

Where this entity is cited

  • research (1)

Source distribution

  • thehackernews.com: 2 (25%)
  • blog.ammaraskar.com: 1 (12%)
  • cyberscoop.com: 1 (12%)
  • helpnetsecurity.com: 1 (12%)
  • securityweek.com: 1 (12%)
  • therecord.media: 1 (12%)
  • theregister.com: 1 (12%)

Related entities

Items in briefs about One-click github.dev OAuth-token theft via synthetic keyboard-event injection into the embedded VS Code editor, fully disclosed with PoC; patched by Microsoft on 3 June 2026 (3)

Enclave: a single debug flag left on in six Microsoft 365 Android apps allowed silent OAuth-token theft

From CTI Daily Brief — 2026-06-04 · published 2026-06-04

Researchers at Enclave found that a shared Android SDK used by six Microsoft 365 apps shipped with setIsDebugMode(true) in production, which disabled the AccountManager check restricting token sharing to trusted Microsoft apps. Any co-installed third-party app could therefore silently obtain long-lived OAuth tokens for the signed-in Microsoft identity, with no user prompt (SecurityWeek, 2026-06-02 · The Hacker News, 2026-06-03). Affected: Word (CVE-2026-41101), PowerPoint (CVE-2026-41102), Excel (CVE-2026-42832), Microsoft 365 Copilot (CVE-2026-41100), Loop and OneNote, collectively billions of installs; Teams was unaffected because its flag was correctly set to false. The tokens granted read/write access to Exchange mail, OneDrive and Calendar. Microsoft fixed all six in the 12 May 2026 cycle; no in-the-wild exploitation was reported before the patch. Enforce minimum-version compliance for these apps via Intune/MDM on BYOD fleets and, where logs exist, review AccountManager token requests originating from non-Microsoft packages.

One-click GitHub OAuth-token theft via github.dev, fully disclosed with PoC; Microsoft patched 3 June

From CTI Daily Brief — 2026-06-04 · published 2026-06-04

Independent researcher Ammar Askar published full details and a PoC for a one-click attack on GitHub's browser editor github.dev that extracts the victim's full-scope GitHub OAuth token, granting read/write access to all of the user's repositories, private ones included (Ammar Askar, 2026-06-02 · The Hacker News, 2026-06-04). The attack abuses github.dev's embedded VS Code: a crafted page injects synthetic keyboard events (keydown injection) that drive the editor into silently installing a malicious workspace extension, which then reads the OAuth token the editor holds and exfiltrates it (T1528). Askar notes that the technique does not rely on bypassing postMessage origin validation. The token is not scoped to the repository being edited, so a single click against any repository exposes the whole account. Askar notified Microsoft one hour before publishing, citing prior experience of silent fixes from Microsoft; Microsoft shipped a fix on 3 June. Because github.dev is served centrally, no client update is required, but until the fix is confirmed live avoid opening github.dev from untrusted pages while signed in, and watch GitHub audit logs for token use from unexpected IPs or user-agents.

FBI PSA260521 — Kali365 OAuth device-code PhaaS bypasses M365 MFA without credential capture

From CTI Daily Brief — 2026-05-23 · published 2026-05-23

The FBI's Internet Crime Complaint Center issued PSA260521 on 2026-05-21 about Kali365, a Telegram-distributed Phishing-as-a-Service platform observed since April 2026 that abuses Microsoft's OAuth 2.0 device-code authorization flow (RFC 8628) to obtain persistent access and refresh tokens for M365 accounts while bypassing multi-factor authentication (The Register, 2026-05-22 · Help Net Security, 2026-05-22 · The Record, 2026-05-22 · CyberScoop, 2026-05-22). The technique maps to MITRE ATT&CK T1111 (Multi-Factor Authentication Interception) and T1528 (Steal Application Access Token) but differs structurally from credential phishing: no password is ever captured. The victim receives a lure impersonating Adobe Acrobat Sign, DocuSign or SharePoint, copies the embedded device code, and enters it on the legitimate login.microsoftonline.com/common/oauth2/deviceauth page, completing any MFA prompt there themselves; the attacker's registered device then receives both an access token and a refresh token bound to that device, granting persistent access to Exchange Online, Teams, OneDrive and SharePoint without any further user interaction or MFA challenge.

A secondary AiTM mode proxies the victim's browser through attacker infrastructure to capture session cookies during a real Microsoft authentication flow when the device-code flow is blocked. Subscriptions cost $250/month or $2,000/year per tenant; AI-generated lures are available in 14 languages with automated campaign templates and real-time tracking dashboards, lowering the technical bar for less capable actors. Observed outcomes since April 2026, per the four outlets corroborating the FBI PSA, include mailbox exfiltration, lateral phishing, business email compromise and ransomware pre-staging. Detection vantage: Entra ID sign-in logs surface device-code redemptions as events with authenticationProtocol = deviceCode. Alert on those from unfamiliar device names or from geographies inconsistent with the user's home location, and look for sign-in activity from a different IP in the minutes after a device-code event, since the victim types the code on their own machine while the attacker's device redeems the tokens elsewhere. Hardening: block the user-interactive device-code flow via the Authentication flows condition in Conditional Access (block, or require a compliant device), enforce FIDO2 phishing-resistant MFA for high-value accounts, and review existing OAuth app consents. Public-sector tenants often leave device-code open for legacy device enrolment. Once an attacker holds a refresh token, it must be explicitly invalidated (Revoke-MgUserSignInSession in Microsoft Graph PowerShell, or Revoke sessions in the Entra portal); note that already-issued access tokens remain usable until they expire, typically up to about an hour, except on services enforcing Continuous Access Evaluation.

Why it matters to us: the device-code attack path is the single fastest M365 compromise vector that classic phishing-aware users still walk into; Swiss federal, cantonal and public-administration Entra tenants often leave the flow open for kiosk / shared-device enrolment, and the Kali365 commoditisation means small actors can now run it without M365 expertise.
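The detection logic described in the Kali365 item above, as an added example for this brief rather than code from the FBI PSA or any vendor: it walks Entra ID sign-in records shaped like Microsoft Graph signIn objects (createdDateTime, userPrincipalName, ipAddress, authenticationProtocol, deviceDetail.displayName, location.countryOrRegion) and flags device-code redemptions from an unexpected country or device name, and any follow-on sign-in by the same user from a different IP within a short window. The sample records are constructed, not real telemetry; the per-user home countries, the corporate device-name pattern and the 30-minute window are assumptions to tune per tenant.

```python
"""Flag suspicious OAuth device-code sign-ins in Entra ID sign-in logs.

Added example for this brief (not FBI or Microsoft code). Records mirror
the Microsoft Graph signIn resource. SAMPLE_SIGNINS is constructed data;
HOME_COUNTRY, CORP_DEVICE_NAME and FOLLOW_ON_WINDOW are local assumptions.
"""
import re
from datetime import datetime, timedelta

# Assumed tenant knowledge: where each user normally signs in from, and the
# naming scheme corporate / kiosk devices follow. Tune to your environment.
HOME_COUNTRY = {"anna@example.ch": "CH", "beat@example.ch": "CH"}
CORP_DEVICE_NAME = re.compile(r"^(KIOSK|CHE-WS)-\d+$")
FOLLOW_ON_WINDOW = timedelta(minutes=30)

# Constructed sample sign-ins. anna: device code redeemed from NG on an
# unknown device, then Exchange accessed from a second IP six minutes later.
# beat: legitimate kiosk enrolment from CH, follow-on from the same IP.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2026-05-22T08:01:12Z", "userPrincipalName": "anna@example.ch",
     "ipAddress": "203.0.113.10", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Office", "deviceDetail": {"displayName": "DESKTOP-7K2Q1"},
     "location": {"countryOrRegion": "NG"}},
    {"createdDateTime": "2026-05-22T08:06:40Z", "userPrincipalName": "anna@example.ch",
     "ipAddress": "198.51.100.7", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Office 365 Exchange Online", "deviceDetail": {"displayName": ""},
     "location": {"countryOrRegion": "NG"}},
    {"createdDateTime": "2026-05-22T09:15:03Z", "userPrincipalName": "beat@example.ch",
     "ipAddress": "192.0.2.44", "authenticationProtocol": "deviceCode",
     "appDisplayName": "Microsoft Intune Company Portal",
     "deviceDetail": {"displayName": "KIOSK-0012"}, "location": {"countryOrRegion": "CH"}},
    {"createdDateTime": "2026-05-22T09:16:30Z", "userPrincipalName": "beat@example.ch",
     "ipAddress": "192.0.2.44", "authenticationProtocol": "oAuth2",
     "appDisplayName": "Microsoft Intune Company Portal",
     "deviceDetail": {"displayName": "KIOSK-0012"}, "location": {"countryOrRegion": "CH"}},
]


def _ts(record):
    """Parse the Graph ISO-8601 timestamp (trailing Z) into an aware datetime."""
    return datetime.fromisoformat(record["createdDateTime"].replace("Z", "+00:00"))


def device_code_alerts(signins, home_country=HOME_COUNTRY,
                       corp_device=CORP_DEVICE_NAME, window=FOLLOW_ON_WINDOW):
    """Return one alert dict per device-code sign-in that trips any rule.

    Rules: country differs from the user's expected country (or is unknown);
    device display name does not match the corporate pattern; the same user
    signs in again within `window` from a different IP (attacker redeeming
    the tokens while the victim is still on their own machine).
    """
    ordered = sorted(signins, key=_ts)
    alerts = []
    for i, ev in enumerate(ordered):
        if ev.get("authenticationProtocol") != "deviceCode":
            continue
        user = ev["userPrincipalName"]
        reasons = []

        country = (ev.get("location") or {}).get("countryOrRegion")
        expected = home_country.get(user)
        if country != expected:
            reasons.append(f"country {country} differs from expected {expected}")

        device = (ev.get("deviceDetail") or {}).get("displayName") or ""
        if not corp_device.match(device):
            reasons.append(f"unrecognised device name {device!r}")

        t0 = _ts(ev)
        for later in ordered[i + 1:]:
            if _ts(later) - t0 > window:
                break  # records are time-ordered, nothing later can qualify
            if later["userPrincipalName"] == user and later["ipAddress"] != ev["ipAddress"]:
                reasons.append(f"follow-on sign-in from {later['ipAddress']} to "
                               f"{later.get('appDisplayName')} {_ts(later) - t0} after the code")
                break

        if reasons:
            alerts.append({"user": user, "time": ev["createdDateTime"],
                           "ip": ev["ipAddress"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in device_code_alerts(SAMPLE_SIGNINS):
        print(alert["time"], alert["user"], alert["ip"])
        for reason in alert["reasons"]:
            print("  -", reason)
```

On the constructed data only anna's redemption is flagged, on all three rules; beat's kiosk enrolment passes because the country, device name and follow-on IP all match. The follow-on rule is the one worth keeping even where geography and device names are noisy: in a device-code phish the victim never leaves their own browser, so a second IP appearing for the same user right after the redemption is the attacker's device polling the token endpoint.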