Three cybersecurity stories: Google published working exploit code for an unfixed Chromium Browser Fetch API vulnerability affecting billions of users; TeamPCP stole 3,800 internal GitHub repositories via a poisoned VS Code extension; and Trump Mobile was found leaking customer mailing addresses and emails through an unpatched vulnerability the company ignored after being warned.