Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
CSO Online

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its publication they should notify vendors about a bug.

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
XDA Developers on MSN

I replaced Cursor and Antigravity with a completely local VS Code setup, and I missed less than I expected

My self-hosted setup holds up pretty well for my coding tasks ...
MUO on MSN

VS Code finally has a serious rival, and it feels absurdly fast

I switched for speed and stayed for everything else.
GitHub

alefragnani/vscode-pascal-formatter

alefragnani / vscode-pascal-formatter Public Sponsor Notifications You must be signed in to change notification settings Fork 8 Star 39 ...
GitHub

Copilot MCP Search for VS Code

Want remote MCP in ~30s? Try Cloud MCP — paste a URL → OAuth → done. Works with Copilot & Claude (no keys, no terminal).