RSS
← All articles
threat
2026-03-27

Fake VS Code security alerts flooding GitHub Discussions to spread malware

Thousands of fake Visual Studio Code vulnerability warnings are being posted across GitHub Discussions in automated waves - all from freshly created accounts. The posts use realistic titles like 'Severe Vulnerability - Immediate Update Required' with fabricated CVE IDs to pressure developers into downloading malware from Google Drive links. The payloads fingerprint victims before delivering secondary attacks, acting as a traffic distribution system.

githubvscodephishingsocial-engineeringdevelopers
Check
Warn your development team - never download VS Code updates from GitHub Discussion links or Google Drive.
Affected
Any developer using GitHub who encounters a VS Code security alert in Discussions with an external download link.
Fix
Only update VS Code through the built-in updater or code.visualstudio.com. Verify any CVE IDs against NVD or CISA KEV before acting on them.
Related Articles
breachIdentity governance vendor SailPoint discloses GitHub repository breach - third-party app flaw to blame
threatMac malware campaign uses Google ads and 'Apple Support' Claude.ai chats to install infostealer
threatHackers bought Google ads pointing to a fake GoDaddy WordPress login page - any site manager who clicked saw their credentials stolen