CSO Online

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its publication they should notify vendors about a bug.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Redmondmag.com

Microsoft 365 Android Coding Error Put Account Tokens at Risk

A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research ...
GitHub

Salesforce Extensions for VS Code

This repository contains the source code for Salesforce Extensions for VS Code: the Visual Studio Code (VS Code) extensions for Salesforce DX. If you are interested in contributing, please take a look ...
GitHub

do not require a line in problem reports #39919

VSCode Version: 1.18.0 OS Version: Ubuntu 16.04 LTS Problem matchers currently must provide a line (and will be ignored if they don't). There's however sometimes problems that have no lines, where ...
note

JavaScript for Beginners #32 | Reviewing LocalStorage: The Basics of Saving, Retrieving, and Deleting

In the Web API section, we learned how to retrieve real data from the internet. Starting here, Chapter 7 is the LocalStorage Edition. We touched on LocalStorage in the high score feature in #21, but ...