The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.
Guru3D.com

Malicious VS Code Extension Linked to Theft of 3,800 GitHub Repositories

A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security risks surrounding modern development environments. According to published ...
Infosecurity-magazine.com

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

GitHub has confirmed that a recent breach into its internal repositories was caused by a vulnerability in a Microsoft Visual Studio Code (VS Code) extension called ‘Nx Console.’ The security team at ...
TWCN Tech News

Visual Studio Code – How to download and install VSC

About three years ago Microsoft released a new source code editor for Windows, Linux, and macOS. This was named Visual Studio Code. It is way lighter IDE than various editions of the legendary Visual ...
Visual Studio Magazine

VS Code 1.123 Adds Agent Session Sync, 1M Context Windows

Microsoft released Visual Studio Code 1.123 on June 3, adding agent-focused features, larger model context support, integrated browser updates and a new delay for some automatic extension updates.
Infosecurity-magazine.com

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 internal repositories. The breach was detected on May 19 and likely comes ...
Tech Times

Claude Code Plugins Get Official Directory: Anthropic Flags Unverified MCP Risks

Claude Code plugins now have an official Anthropic-managed directory at github.com/anthropics/claude-plugins-official, consolidating 30-plus internal and 15 vetted external Claude Code extensions behi ...
The Tech Edvocate

How to install extensions in VS Code

Spread the love“`html Visual Studio Code (VS Code) has rapidly become one of the most popular code editors in recent years. With its versatility and extensive customization options, it caters to ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Visual Studio Magazine

VS Code 1.124 Focuses on Agent Autonomy and Parallel Sessions

Microsoft's June 2026 VS Code update turns on Autopilot by default and adds background sending for agent sessions.
Bleeping Computer

GitHub confirms breach of 3,800 repos via malicious VSCode extension

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...
TechRadar

GitHub confirms breach — thousands of internal repositories hit after employee installs malicious VS Code extension

GitHub confirms an employee’s compromised device led to exfiltration of internal repositories via a poisoned VSCode extension Threat actors TeamPCP are selling an archive of roughly 4,000 repos on the ...