The agent is doing the actual work, and VS Code is just a window.

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

I ditched VS Code for Zed instead of going for Google's Antigravity, and now the editor feels genuinely fast ...

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...

To reach protected secrets, the macOS and Linux versions show a fake password dialog, then reuse the captured password to ...

Microsoft has confirmed that it temporarily removed several GitHub repositories after a large-scale malware campaign ...

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...