so even with #aislop disabled #vscode still pops up a little code actions sparkle suggesting copilot actions? what is wrong with these people?

https://winbuzzer.com/2026/06/04/vs-code-exploit-can-steal-github-tokens-via-githubdev-xcxwbn/

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.

#VSCode #VisualStudioCode #GitHub #Microsoft #Cybersecurity #SecurityThreats

Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs."

The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can.

Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept.

He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."

(FYI, I stole this text from IntCyberDigest on x)
https://blog.ammaraskar.com/github-token-stealing/
#infosec #github #0day #zeroday #vscode

1-Click GitHub Token Stealing via a VSCode Bug

My blog, mostly about programming

Ammar's Blog
VS Code zero-day lets hackers steal GitHub tokens in one click

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link.

BleepingComputer

First Blinky | RP2350 Tutorial #2

In this video we will tweak the project we made in the first video and make it run on our Streamline MCU RP2354 Blade.

#RP2350 #GettingStarted #Tutorial #VSCode #CurrentMakers #Streamline #STM32World

https://www.youtube.com/watch?v=z-0-4W92aTU

#vscode refuses to open a 1.9GB log file.
#vim is like: "hold my beer, I've got this"

So with an extension called Continue, you can basically hook up any AI, huh.

Trying out LM studio (local LLM) in VScode #VSCode - Qiita
https://qiita.com/QA_tonchan/items/68fe5b27ffabb42498b2

Trying out LM studio (local LLM) in VScode - Qiita

Is everyone using ChatGPT, Claude, or GitHub Copilot? Do you feel like you can't code without AI anymore? Still, you hesitate to enter highly confidential information... But don't worry! Not if it's local! So, local LLM (Large ...

Qiita

VS Code 1.123 released

https://mander.xyz/post/53073432

VSCode, man. Lol

1-Click GitHub Token Stealing via a VSCode Bug
https://blog.ammaraskar.com/github-token-stealing/

#VSCode #GitHub
