Microsoft has confirmed that it temporarily removed several GitHub repositories after a large-scale malware campaign ...

Dozens of Microsoft-owned software repositories have been taken offline following a major cyberattack linked to the rapidly ...

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

Security researchers found malicious code buried inside more than 30 of Red Hat's official software packages, built to ...

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of GitHub's internal source code repositories — everythi ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on Microsoft's official Visual Studio Marketplace for just 18 minutes on May 18 ...

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.

GitHub has confirmed that a recent breach into its internal repositories was caused by a vulnerability in a Microsoft Visual Studio Code (VS Code) extension called ‘Nx Console.’ The security team at ...