LEMON BLOG

VS Code Zero-Day Vulnerability Could Expose GitHub OAuth Tokens

A newly disclosed Visual Studio Code vulnerability has raised concern among developers and organisations that rely heavily on GitHub and browser-based coding environments. The issue affects VS Code's webview implementation and could allow attackers to steal GitHub OAuth tokens by tricking a user into clicking a malicious link.

Red Hat npm Package Compromise Shows Why Developer Supply Chains Remain A High-Value Target

A new npm supply-chain incident involving packages under Red Hat's @redhat-cloud-services namespace has once again highlighted how attractive developer ecosystems have become to attackers. Instead of going directly after end users, modern threat actors are increasingly targeting the tools, libraries and publishing pipelines that developers trust every day.

Anthropic’s Project Glasswing Shows How AI Is Changing Cybersecurity

Anthropic's Project Glasswing has revealed something important about the future of cybersecurity: AI can now find serious software vulnerabilities at a speed that traditional patching processes may struggle to match.

GitHub Confirms Major Breach After Malicious VS Code Extension Compromises Employee Device

GitHub has confirmed a serious internal security incident involving around 3,800 of its own code repositories. According to the company, the breach began after an employee's device was compromised through a malicious Visual Studio Code extension, allowing attackers to steal credentials and gain access to internal GitHub repositories.

Multiple VS Code Extension Vulnerabilities: Why This Matters More Than A Typical “Plugin Bug”

If you use Visual Studio Code daily (or you manage developer machines in an organisation), this isn't the kind of advisory to brush off as "just another extension issue." Security researchers have flagged multiple vulnerabilities across widely used VS Code extensions, and the combined install base is enormous. When flaws show up in tools that sit inside your editor, the risk isn't just theoretical, because extensions often have access to your workspace files, local environment, tokens, and internal resources.
