https://invaders.ie/resources/blog/vulnerability/one-click-githubdev-attack-lets-malicious-repos-steal-full-github-tokens Invaders Security en 2026-06-03T14:00:20.563Z One-Click github.dev Attack Lets Malicious Repos Steal Full GitHub Tokens github.dev token stealing, VSCode webview vulnerability, GitHub OAuth token theft, one-click GitHub attack, developer security, malicious VSCode extension https://invaders.ie/resources/blog/vulnerability/flagleft-turns-microsoft-365-android-apps-into-a-silent-account-takeover-path Invaders Security en 2026-06-03T04:24:18.207Z FlagLeft Turns Microsoft 365 Android Apps Into a Silent Account Takeover Path FlagLeft Microsoft 365 Android, Microsoft 365 Android account takeover, FOCI token abuse, debug flag in production, Android token sharing vulnerability, silent Microsoft account takeover https://invaders.ie/resources/blog/threat-hunting-and-intel/llmshare-turns-trusted-ai-domains-into-malware-delivery-infrastructure Invaders Security en 2026-06-03T04:12:35.469Z LLMShare Turns Trusted AI Domains Into Malware Delivery Infrastructure LLMShare, ChatGPT malware delivery, Claude shared conversation malware, malvertising and SEO poisoning, trusted domain abuse, browser-based attacks https://invaders.ie/resources/blog/vulnerability/drupal-postgresql-sqli-shows-how-select-only-injection-becomes-rce Invaders Security en 2026-06-03T03:55:50.185Z Drupal PostgreSQL SQLi shows how SELECT-only injection becomes RCE CVE-2026-9082, Drupal PostgreSQL SQL injection, SELECT-only SQLi to RCE, Drupal JSON:API vulnerability, PostgreSQL session_preload_libraries exploit https://invaders.ie/resources/blog/vulnerability/unfixed-gogs-flaw-can-turn-pull-requests-into-server-side-rce Invaders Security en 2026-06-02T08:09:14.454Z Unfixed Gogs flaw can turn pull requests into server-side RCE Gogs authenticated RCE, Gogs argument injection, Rapid7 Gogs rebase vulnerability, self-hosted Git server security, Gogs no patch