VS Code

Breaking Technology

VS Code Zero-Day Exposes GitHub Tokens as Supply-Chain Attacks Breach 3,800 Internal Repositories

Unpatched OAuth vulnerability allows single-click credential theft while poisoned extension compromises GitHub's own infrastructure in 18 minutes.

8 min read ·
Breaking Technology

Nx Console VS Code Extension Compromised in Supply Chain Attack Targeting Developer Credentials

Malicious v18.95.0 harvested cloud secrets and SSH keys from enterprise development environments during 11-minute window on Microsoft Marketplace.

7 min read ·