VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

Microsoft has released VS Code 1.122 with BYOK support without sign-in, mobile device emulation, and a new issue reporting ...

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...

We are looking for an experienced SAP Commerce Developer (Java) to join a high-performing digital and e-commerce technology team. The successful candidate will play a key role in the design, ...

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...

Sometime in early 2025, an attacker slipped malicious code into a Visual Studio Code extension, and a GitHub employee installed it. For several days, that extension ran quietly on the developer’s ...

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.