GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

VS Code might be what you're used to, but there's a lot more to see when it comes to code editors. Here's a few options.

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

A script is just a collection of commands saved into a text file (using the special .ps1 extension) that PowerShell understands and executes in sequence to perform different actions. In this post, we ...

VS Code 1.121 was released May 20, 2026, featuring yet another update to Claude Code, becoming more and more a first-class citizen in the VS Code ecosystem. Remote agents can run over SSH or dev ...

Microsoft has released VS Code 1.122 with BYOK support without sign-in, mobile device emulation, and a new issue reporting ...

VS Code agents are now in Stable preview, and the 1.122 update removed the GitHub OAuth requirement from BYOK, letting defense, healthcare, and finance developers run fully air-gapped AI-assisted ...

VS Code 1.120 brings the Agents window to Stable preview. The new window opens from a title-bar button. Agent customizations include Agents, Skills, Instructions, Hooks, MCP Servers and Plugins. It ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...