The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.
CSOonline

Hackers can slip ghost commands into the Amazon Q Developer VS Code Extension

The Amazon Q Developer VS Code Extension is reportedly vulnerable to stealthy prompt injection attacks using invisible Unicode Tag characters. According to the author of the “Embrace The Red” blog, ...