An internal Microsoft strategy document says that the plan for its just-announced “Scout” personal assistant AI is to “make people addicted” to the tool before rolling out additional functionality.

The document notes that “security and compliance” are important things to figure out moving forward.

https://www.404media.co/microsoft-wants-to-make-people-addicted-to-scout-its-new-ai-assistant-internal-documents-reveal/

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link.

https://www.bleepingcomputer.com/news/security/vs-code-zero-day-lets-hackers-steal-github-tokens-in-one-click/

GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension.

https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/

New from Nightmare-Eclipse, we have MiniPlasma

Works reliably to get a SYSTEM cmd.exe prompt on Win11 (including 26H1) with May's updates. Is reportedly a failure to properly fix CVE-2020-17103. I'll note that it does not seem to work on the latest Insider Preview Canary Windows 11.