The agent is doing the actual work, and VS Code is just a window.

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

I ditched VS Code for Zed instead of going for Google's Antigravity, and now the editor feels genuinely fast ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

A likely North Korean threat actor has phished software developers at almost 100 organizations with fake job and code-review ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

近日，安全研究员 Ammar Askar 公开了一条利用 VSCode 漏洞一键窃取 GitHub Token 的完整攻击链。攻击者无需密码、无需下载恶意程序，只要诱导用户打开一个特制链接，就有机会获取 GitHub Token，并获得对私有仓库的读写权限。 更具争议的是，在披露漏洞的同时，Askar 还公开炮轰微软安全响应中心（MSRC），称其长期低估 VS Code 安全问题，甚至曾在未给予任 ...