SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...
The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
Visual Studio Magazine

VS Code 1.123 Adds Agent Session Sync, 1M Context Windows

Microsoft released Visual Studio Code 1.123 on June 3, adding agent-focused features, larger model context support, integrated browser updates and a new delay for some automatic extension updates.
WinBuzzer

VS Code Exploit Can Steal GitHub Tokens via github.dev

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.
Dark Reading

Application Security

Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...