Skip to content
The Nexus
DossierENTITY

VS Code

Coverage of VS Code in the Nexus archive.

Earliest in view: May 4 · 21:13 UTCMost recent: Jun 29 · 05:36 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 29 · 05:36 UTCTHE HACKER NEWS
    Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

    Cybersecurity researchers discovered hijacked npm and Go packages that deploy a Python-based information stealer using VS Code tasks on Windows, Linux, and macOS systems. The attack bypasses common npm execution paths to avoid detection by security measures like those in npm v12.

  • SECURITYJun 4 · 13:37 UTCRECORDED FUTURE NEWS
    Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process

    Security researcher Ammar Askar published a GitHub token-stealing proof-of-concept exploit on his blog and a public tracker for VS Code issues, notifying GitHub's security contact about an hour before the release. He criticized Microsoft's disclosure process for contributing to the situation.

  • SECURITYMay 21 · 16:00 UTCTHE VERGE
    GitHub faces a fight for its survival at Microsoft

    GitHub is struggling with multiple crises including major outages, security vulnerabilities, and internal code repository breaches following Microsoft's $7.5 billion acquisition in 2018. The platform faces mounting pressure from competitors and internal challenges that threaten its stability. Current and former employees describe a concerning situation for the platform's future.

  • SECURITYMay 21 · 06:54 UTCBLEEPING COMPUTER
    GitHub links repo breach to TanStack npm supply-chain attack

    GitHub disclosed that hackers breached 3,800 internal repositories by exploiting a malicious version of the Nx Console VS Code extension, which was compromised during last week's TanStack npm supply-chain attack. The incident represents a significant security vulnerability in the software development supply chain.

  • SECURITYMay 20 · 08:14 UTCBLEEPING COMPUTER
    GitHub confirms breach of 3,800 repos via malicious VSCode extension

    GitHub experienced a breach of approximately 3,800 internal repositories due to a malicious Visual Studio Code extension installed by an employee. The breach was confirmed by GitHub. The incident highlights security concerns related to third-party extensions.

  • SECURITYMay 20 · 07:52 UTCR/CRYPTOCURRENCY
    GitHub Internal Repositories Breached via VS Code Extension

    GitHub's internal repositories were breached through a Visual Studio Code extension. The breach was reported and GitHub is investigating the incident. The cause of the breach is attributed to a VS Code extension.

  • SECURITYMay 19 · 07:49 UTCTHE HACKER NEWS
    Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

    A compromised version of the Nx Console extension was published to the Microsoft Visual Studio Code Marketplace, targeting VS Code developers with a credential stealer. The affected extension is rwl.angular-console, version 18.95.0, with over 2.2 million installations. Cybersecurity researchers have flagged this compromise.

  • TECHNOLOGYMay 4 · 21:13 UTCTHE REGISTER
    Microsoft fixes VS Code after app gives Copilot credit for human's work

    Microsoft fixed an issue in VS Code where the Git extension added Copilot as a co-author by default, claiming credit for human-authored code. The change was reversed after user complaints. Developers were not thrilled about the attribution notice.

  • TECHNOLOGYMay 4 · 21:13 UTCTHE REGISTER
    Microsoft fixes VS Code after app gives Copilot credit for human's work

    Microsoft has reversed a change in VS Code that added a default AI attribution notice after user complaints. The change was intended to add attribution for AI-generated code, but developers reported it was being added even when not using Microsoft's Copilot AI assistant. The fix is scheduled to appear in VS Code's upcoming 1.119 release.

VS Code · Dossier · The Nexus