GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

Microsoft has released VS Code 1.123 with a new Research Agent, AI session syncing, Chronicle search, browser upgrades, and ...

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day ...

Microsoft released Visual Studio Code 1.123 on June 3, adding agent-focused features, larger model context support, integrated browser updates and a new delay for some automatic extension updates.

The agent is doing the actual work, and VS Code is just a window.

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...