VSCode
Coverage of VSCode in the Nexus archive.
- 1-Click GitHub Token Stealing via a VSCode Bug
A vulnerability in VSCode allows GitHub token stealing with a single click. The article is hosted on a blog and discussed on Hacker News with 332 points and 46 comments.
- A hacker group is poisoning open source code at an unprecedented scale
A hacker group called TeamPCP has breached GitHub through a poisoned VSCode extension installed by a developer, compromising approximately 3,800-4,000 repositories containing GitHub's internal source code. The attack represents an escalation in software supply chain attacks, with TeamPCP now conducting such breaches on a near-weekly basis and extorting victims. The group is attempting to sell GitHub's source code and internal organization data on BreachForums.
- GitHub confirms breach of 3,800 repos via malicious VSCode extension
GitHub has confirmed a breach of approximately 3,800 repositories due to a malicious Visual Studio Code extension. The incident is related to an ongoing investigation into unauthorized access to GitHub's internal repositories. GitHub is working to address the issue.
- Update on "Co-authored-by: Copilot" in commit messages
The article discusses an update on 'Co-authored-by: Copilot' in commit messages on GitHub, with 19 points and 5 comments. The issue is being tracked on the Microsoft VSCode repository. The update is related to commit messages.