Skip to content
The Nexus
DossierENTITY

Visual Studio Code

Coverage of Visual Studio Code in the Nexus archive.

Earliest in view: Apr 23 · 16:05 UTCMost recent: Jun 8 · 06:08 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 8 · 06:08 UTCTHE HACKER NEWS
    VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

    Microsoft has introduced a two-hour delay for automatic updates of Visual Studio Code extensions to mitigate software supply chain threats. This change aims to add an extra layer of protection by preventing immediate updates to newly published versions.

  • SECURITYJun 3 · 14:30 UTCTHE REGISTER
    Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

    Ammar Askar, a bug hunter, leaked a vulnerability in Microsoft's Visual Studio Code after becoming disillusioned with the company's handling of security reports. The exploit allows attackers to steal OAuth tokens via malicious extensions, compromising GitHub repos, and was disclosed publicly due to past negative experiences with Microsoft Security Response Center (MSRC).

  • SECURITYJun 3 · 06:50 UTCBLEEPING COMPUTER
    VS Code zero-day lets hackers steal GitHub tokens in one click

    A security researcher disclosed a Visual Studio Code zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a malicious link. The exploit code has been released.

  • TECHNOLOGYMay 27 · 12:08 UTCHACKER NEWS
    XLIDE: VBA without excel

    XLIDE is a new tool that allows users to run Visual Basic for Applications (VBA) code in Visual Studio Code without requiring Excel. The project, hosted on GitHub by WilliamSmithEdward, aims to provide a more flexible development environment for VBA automation tasks.

  • SECURITYMay 20 · 16:54 UTCDECRYPT
    GitHub Confirms 3,800 Internal Repos Stolen Through Poisoned VS Code Extension

    GitHub confirmed that 3,800 internal repositories were stolen through a poisoned Visual Studio Code extension. The breach occurred after an employee installed a malicious coding tool, giving TeamPCP access to GitHub's private source code. This incident highlights a significant security vulnerability.

  • SECURITYMay 20 · 14:48 UTCCYBERSCOOP
    GitHub says internal repositories were taken in poisoned VS Code extension attack

    GitHub internal repositories were compromised through a poisoned Visual Studio Code extension, with the company detecting and containing the compromise and rotating critical secrets. The incident underscores growing risks in software development platforms. GitHub assesses that only internal repositories were affected.

  • SECURITYMay 20 · 13:43 UTCHACKER NEWS
    GitHub confirms breach of 3,800 repos via malicious VSCode extension

    GitHub has confirmed a breach of approximately 3,800 repositories due to a malicious Visual Studio Code extension. The incident is related to an ongoing investigation into unauthorized access to GitHub's internal repositories. GitHub is working to address the issue.

  • SECURITYMay 20 · 10:27 UTCTHE REGISTER
    GitHub says internal repos exfiltrated after poisoned VS Code extension attack

    GitHub was compromised due to a malicious Visual Studio Code extension, resulting in the exfiltration of internal repositories. The company is analyzing logs and monitoring for further activity. The incident has raised concerns about the security of private repositories and credentials.

  • SECURITYMay 20 · 08:14 UTCBLEEPING COMPUTER
    GitHub confirms breach of 3,800 repos via malicious VSCode extension

    GitHub experienced a breach of approximately 3,800 internal repositories due to a malicious Visual Studio Code extension installed by an employee. The breach was confirmed by GitHub. The incident highlights security concerns related to third-party extensions.

  • SECURITYMay 20 · 07:52 UTCR/CRYPTOCURRENCY
    GitHub Internal Repositories Breached via VS Code Extension

    GitHub's internal repositories were breached through a Visual Studio Code extension. The breach was reported and GitHub is investigating the incident. The cause of the breach is attributed to a VS Code extension.

  • TECHNOLOGYMay 2 · 19:57 UTCHACKER NEWS
    VS Code inserting 'Co-Authored-by Copilot' into commits regardless of usage

    Visual Studio Code is automatically inserting 'Co-Authored-by Copilot' into Git commits regardless of whether GitHub Copilot was used, raising concerns about incorrect attribution. The change originated from a GitHub pull request and has sparked discussion on Hacker News.

  • SECURITYApr 23 · 16:05 UTCBLEEPING COMPUTER
    New Checkmarx supply-chain breach affects KICS analysis tool

    Hackers compromised Docker images, VSCode, and Open VSX extensions for Checkmarx's KICS analysis tool to steal sensitive data from developer environments. The breach exploits the supply chain to harvest information from affected systems.

Visual Studio Code · Dossier · The Nexus