WinBuzzer

VS Code Exploit Can Steal GitHub Tokens via github.dev

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.
Windows Report

New VS Code Zero-Day Lets Attackers Access Private GitHub Repositories

A security researcher has publicly disclosed a new Visual Studio Code zero-day vulnerability that can reportedly let ...
InfoQ

GitHub Leverages AI for More Accurate Code Secret Scanning

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Bleeping Computer

GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code

GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub ...
Opinion
Morning Overview on MSNOpinion

Hackers just walked off with 3,800 of GitHub’s internal code repositories — smuggled out by a single poisoned plugin a GitHub developer trusted

Somewhere inside GitHub, a developer installed a Visual Studio Code extension. It looked like any other productivity plugin in Microsoft’s marketplace. It wasn’t. That single installation gave ...
Morning Overview on MSN

GitHub just confirmed hackers broke into its own code through a poisoned coding tool — slipping in on a developer’s laptop without anyone noticing for days

Sometime in early 2025, an attacker slipped malicious code into a Visual Studio Code extension, and a GitHub employee installed it. For several days, that extension ran quietly on the developer’s ...