Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...
The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
TWCN Tech News

Visual Studio Code – How to download and install VSC

About three years ago Microsoft released a new source code editor for Windows, Linux, and macOS. This was named Visual Studio Code. It is way lighter IDE than various editions of the legendary Visual ...

Google AI Studio Cheat Sheet: Features, Pricing, and More

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...
techtimes

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on Microsoft's official Visual Studio Marketplace for just 18 minutes on May 18 ...
CSOonline

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini ...
TheServerSide

How to install Visual Studio Code for Java

The Java ecosystem has historically been blessed with great IDEs to work with, including NetBeans, Eclipse and IntelliJ from JetBrains. However, in recent years Microsoft's Visual Studio Code editor ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Dark Reading

GlassWorm Malware Evolves to Hide in Dependencies

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research. GlassWorm is a family of malware that first emerged last year with the goal of infecting ...
Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...
Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

The North Korean threat actors behind the Contagious Interview campaign are employing a new mechanism that uses Microsoft Visual Studio Code to deliver a previously unseen backdoor that enables remote ...