The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...
How-To Geek on MSN

I stopped using VS Code after trying this less popular IDE (and it isn't Antigravity)

I ditched VS Code for Zed instead of going for Google's Antigravity, and now the editor feels genuinely fast ...
Infosecurity Magazine

North Korean Hackers Use Fake Coding Tasks to Steal Crypto

To reach protected secrets, the macOS and Linux versions show a fake password dialog, then reuse the captured password to ...
Hosted on MSN

VS Code is the best productivity app on my PC, and I barely use it for coding anymore

When hearing the name "Visual Studio Code," people usually think you're talking about a developer tool. It sounds like it's for programmers who write Python scripts or spend all day debugging ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...
JD Supra

When the worm targets the assistant: Miasma turns AI coding agents into the trigger

GitHub disabled 73 repositories across four Microsoft organizations on June 5 after the self-replicating supply-chain campaign known as ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
Windows Latest

Apple just copied one of Microsoft Edge’s best features and called it Apple Intelligence

While Safari's new AI tab organizer is praised as an Apple Intelligence breakthrough, Microsoft Edge launched a better ...