The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
GitHub moved the AI coding landscape on Wednesday when it made Kimi K2.7 Code — a Beijing-built, open-weight model from Moonshot AI — generally available in the GitHub Copilot model picker, marking ...
VS Code 1.127 enhances agent session management, introduces per-site browser permissions, and makes browser tools for agents ...
Z.ai has launched ZCode, a free AI coding tool powered by GLM-5.2 that challenges Cursor, Claude Code and GitHub Copilot ...
Stop coding without these extensions ...
Visual Studio Code 1.126 adds AI chat cost tracking, multiple Copilot chats in one session, and a safer Restricted Mode for ...
[UPDATE 04.06.2026 – 23:33 CEST] Microsoft says the issue was mitigated for its services on June 3, 2026, and that no customer action is required; this article has been updated to reflect the current ...
A flaw in Anthropic’s Claude Code GitHub Action let attackers bypass permission checks via a fake bot account and use prompt injection to steal OIDC tokens, gaining write access to any vulnerable ...
A security researcher has disclosed details of a severe Visual Studio Code (VS Code) vulnerability that can be exploited to steal a user’s GitHub token and access their repositories. The vulnerability ...
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...
A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let attackers steal GitHub authentication tokens through github.dev. Microsoft has not ...
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible ...