The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.
XDA Developers on MSN

A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
MSN on MSN

I built a fully local AI coding assistant in Windows with Ollama and VS Code

The only operating cost is electricity.
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...
Memeburn

Hackers Steal 3,800 GitHub Repos Through Fake VS Code Extension

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...
Design And Reuse

Agnisys SystemRDL VS Code Extension: A Must-Have for Modern SystemRDL Development

This is exactly where the Agnisys SystemRDL VS Code Extension can really improve your productivity. Designed specifically for ...
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...