Skip to main content

Tag: visual studio code

6 articles

Developer workstation with code on laptop screen, notes, and coffee cups in a typical office setting.

GitHub Copilot Exposes Vulnerability to AI Safety Bypass

Researchers have made a surprising discovery about GitHub Copilot, finding that it can be vulnerable to AI safety bypasses, even when it refuses harmful prompts in isolation. This weakness emerges when the same objective is embedded in a typical multi-turn IDE session.

Analyst 207
Developer workstation with laptop, terminal, and papers on a clean desk.

Amazon AI Coding Tool Exposes Cloud Credentials to Malicious Git Repos

A security vulnerability in Amazon's AI coding assistant, tracked as CVE-2026-12957, allowed malicious Git repositories to access sensitive cloud credentials, raising concerns about informed consent and user security. The flaw enabled automatic execution of commands with no user prompt required.

Analyst 207
Developer scrutinizes code with concern in a well-lit lab setting.

GitHub Dev Attack Exploits OAuth Tokens

A single click can be all it takes for an attacker to swipe a GitHub token, giving them free rein to read and write to your private repos. Security researcher Ammar Askar warns that a clever exploit in GitHub.dev's web-based editor can turn a harmless link into a token-stealing threat.

Analyst 207
Blurred developer workstation with laptop, smartphone, and tablet nearby.

GitHub Breach Exposes 3,800 Repos to TanStack Supply-Chain Attack

A single malicious Visual Studio Code extension, Nx Console version 18.95.0, was enough to spark a GitHub breach that exposed 3,800 internal repositories to a TanStack supply-chain attack. The poisoned extension was live on marketplaces for just 54 minutes, but long enough to steal credentials from a developer's machine.

Analyst 207
Developer workstation with laptop and monitor showing Visual Studio Code interface with a blurred section, set against a…

GitHub Discloses Breach from Poisoned VS Code Extension

GitHub swiftly detected and contained a security breach that originated from a tainted Visual Studio Code extension, taking immediate action to remove the malicious version and isolate the affected endpoint. The breach appears to be limited to GitHub's internal repositories, with the company rotating critical secrets and conducting a thorough investigation.

Analyst 207
Code editor interface with open plugin panel, generic computer screen and daylight in background.

Nx Console Extension Exploited to Steal Developer Credentials

A malicious version of the popular Nx Console Extension was published to the VS Code Marketplace, compromising over 2.2 million installations and putting developer credentials at risk. Within seconds of opening a workspace, the extension silently fetched and executed a hidden payload, allowing attackers to steal sensitive information.

Analyst 207