The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in ...
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A security researcher has disclosed details of a severe Visual Studio Code (VS Code) vulnerability that can be exploited to steal a user’s GitHub token and access their repositories. The vulnerability ...
Bleeping Computer

VS Code zero-day lets hackers steal GitHub tokens in one click

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...