VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Microsoft has released VS Code 1.122 with BYOK support without sign-in, mobile device emulation, and a new issue reporting ...

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...

We are looking for an experienced SAP Commerce Developer (Java) to join a high-performing digital and e-commerce technology team. The successful candidate will play a key role in the design, ...

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...

Top GitHub database repositories for SQL tools, data engineering, analytics databases, and open source systems used in modern ...

Sometime in early 2025, an attacker slipped malicious code into a Visual Studio Code extension, and a GitHub employee installed it. For several days, that extension ran quietly on the developer’s ...

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

Microsoft released Visual Studio Code 1.123 on June 3, adding agent-focused features, larger model context support, integrated browser updates and a new delay for some automatic extension updates.

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.