Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...
Infosecurity Magazine

Malicious Commands in GitHub Codespaces Enable RCE

A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a ...
Visual Studio Magazine

Why Copilot's Auto Mode for AI Models Ignores Your Actual Task

Copilot's 'Auto' model picker in VS Code and Visual Studio currently routes to whatever model is most available and policy-compliant--not the one best matched to your prompt--while Microsoft/GitHub ...
InfoWorld

Visual Studio Code update shines on coding agents

Visual Studio Code 1.109 introduces enhancements for providing agents with more skills and context and managing multiple ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
The Hacker News

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.
How-To Geek on MSN

Visual Studio Code is eating up hundreds of gigabytes on Linux

Those project files you deleted might not actually be deleted.
InfoWorld

Building AI agents with the GitHub Copilot SDK

The GitHub Copilot SDK turns the Copilot CLI into a cross-platform agent host with Model Context Protocol support.
SecurityWeek

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

Linux users report Microsoft's Visual Studio Code Snap package isn't actually deleting files

Many have run out of disk space entirely ...