A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.

VS Code 1.122 removes the GitHub sign-in blocker for BYOK, making enterprise and offline AI workflows practical. BYOK now supports chat, tools and MCP servers while signed out. The release also ...

A debugging toolkit that provides a unified interface for inspecting, monitoring, and extending your applications. Inspect and debug state and behavior in real time Works with React, Solid, Vanilla JS ...

Update May 21: GitHub has now linked this breach to the TanStack npm supply-chain attack and says the employee installed a malicious version of the Nx Console extension. GitHub has confirmed that ...

VS Code 1.121 was released May 20, 2026, featuring yet another update to Claude Code, becoming more and more a first-class citizen in the VS Code ecosystem. Remote agents can run over SSH or dev ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...

GitHub has confirmed that thousands of its internal repositories were breached after an employee installed a malicious Visual Studio Code extension. The incident adds to growing concerns around supply ...

The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. Microsoft-owned code-hosting platform GitHub on Wednesday morning confirmed that ...