GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

The agent is doing the actual work, and VS Code is just a window.

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...

Starlink controversy, AI psychosis debates, invisible malware takedowns, and dangerous MCP vulnerabilities dominated this ...

I ditched VS Code for Zed instead of going for Google's Antigravity, and now the editor feels genuinely fast ...

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...