SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...

And Now I’ve Vibe-Coded a Native Windows 11 App ⭐

The Build 2026 keynote was overly-long, in keeping with tradition. But there was some good news for Windows developers too.
XDA Developers on MSN

VS Code is the best productivity app on my PC, and I barely use it for coding anymore

The best code editor might actually be your best everything editor.
CSO Online

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...
Visual Studio Magazine

Hands On with the New Agents Window in VS Code 1.120

VS Code 1.120 brings the Agents window to Stable preview. The new window opens from a title-bar button. Agent customizations include Agents, Skills, Instructions, Hooks, MCP Servers and Plugins. It ...
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...