Last updated: July 5, 2026 at 9:01 AM UTC
Tag: vscode (5 articles)

VS Code zero-day lets one click steal full-scope GitHub OAuth token via github.dev webview - PoC public, no patch yet

Security researcher Ammar Askar has released exploit code for an unpatched VS Code zero-day that lets attackers steal GitHub OAuth tokens with a single click. The flaw abuses VS Code's sandboxed webview message-passing system: malicious JavaScript in a webview simulates keypresses in the main editor to install a malicious extension that captures the GitHub OAuth token github.com POSTs to github.dev. The token is not scoped to a single repo - it grants full access to every private repository the victim can reach. No CVE has been assigned and there is no patch. Users can mitigate by clearing github.dev cookies and on-device site data, which restores the sign-in prompt.

Check
Inventory developer machines using VS Code and github.dev. Warn developers not to click untrusted links that open github.dev. Audit installed VS Code extensions for unfamiliar additions.
Affected
VS Code users who authenticate to github.dev. The leaked GitHub OAuth token is unscoped, granting full access to every private repository the victim can reach. No patch or CVE yet.
Fix
Until patched: clear github.dev cookies and on-device site data so the sign-in prompt reappears. Treat unsolicited github.dev links as hostile. Rotate GitHub tokens if exposure is suspected.

CrowdStrike, Google, Shadowserver disrupt GlassWorm botnet by cutting four resilient C2 channels - Solana memos, BitTorrent DHT, Google Calendar, direct VPS

CrowdStrike, Google, and The Shadowserver Foundation have disrupted the GlassWorm developer-supply-chain botnet by simultaneously cutting four resilient command-and-control channels. Active since October 2025, GlassWorm spread through malicious OpenVSX and VS Code extensions, GitHub repos, and npm packages (one March campaign hit 400+ artifacts), stealing crypto wallets and developer credentials. Its C2 was built to resist takedown: server addresses encoded in Solana transaction memo fields, configuration stored in the BitTorrent DHT, Base64 C2 paths hidden in Google Calendar event titles, and direct VPS connections for payload delivery. All four had to fall at once. Infected hosts now beacon to CrowdStrike's sinkhole at 164.92.88[.]210.

Check
Run CrowdStrike's published YARA rules across developer workstations and build servers. Search network logs for beacons to 164.92.88[.]210 (CrowdStrike sinkhole) indicating prior GlassWorm infection.
Affected
Developers who installed malicious OpenVSX or VS Code extensions, or pulled compromised GitHub repos and npm packages since October 2025. 400+ artifacts hit in the March campaign alone.
Fix
Remediate any host beaconing to the sinkhole. Audit installed OpenVSX/VS Code extensions against known-bad lists. Rotate crypto wallets and developer credentials exposed on infected machines.

GitHub confirms 3,800 internal repos stolen after employee installed malicious Nx Console VS Code extension (TeamPCP)

GitHub has confirmed that roughly 3,800 internal repositories were exfiltrated after one of its employees installed a malicious version of the Nx Console VS Code extension. The malicious extension has been pulled and the affected device has been isolated. GitHub's current assessment is that the activity was limited to internal repos and that no customer data stored outside them was touched. The numbers line up with the claim TeamPCP posted on Breached, where they offered the code for at least $50,000. The breach connects this week's Nx Console compromise to the broader TeamPCP campaign that also hit OpenAI and Grafana.

Check
Identify VS Code endpoints with the Nx Console extension. Confirm the installed version is 18.100.0 or newer. Check for the cat.py and kitty-monitor IoCs and for outbound traffic to the attacker C2 addresses published by Nx.
Affected
Any developer machine that installed Nx Console 18.95.0 during the 11-minute window on May 18 (12:36-12:47 UTC). GitHub.com itself confirms 3,800 internal repos exfiltrated from one employee device.
Fix
Update to Nx Console 18.100.0. Audit access from GitHub-employee or contractor devices; rotate every credential, token, and SSH key reachable from machines that ran the trojanized version.

Nx Console 18.95.0 VS Code extension compromised in 11-minute window - kitty.py persistence and credential theft

The Nx team has confirmed that version 18.95.0 of its VS Code extension was malicious and that a few users were compromised. The bad version was available on the marketplace for only 11 minutes on May 18 (12:36 to 12:47 UTC), but that was enough to plant Python-based persistence under ~/.local/share/kitty/cat.py and a macOS LaunchAgent at com.user.kitty-monitor.plist, then steal tokens, secrets, and SSH keys reachable from the machine. The Nx team has shipped a clean 18.100.0 release and published indicators of compromise. This is the second time Nx has been targeted within a year, after the August 2025 s1ngularity supply-chain attack on its npm packages.

Check
Identify VS Code endpoints with the Nx Console extension. Check for ~/.local/share/kitty/cat.py, ~/Library/LaunchAgents/com.user.kitty-monitor.plist, /var/tmp/.gh_update_state, /tmp/kitty-*, or any process with __DAEMONIZED=1.
Affected
Anyone who installed Nx Console 18.95.0 from the VS Code marketplace during the 11-minute window on May 18 (12:36-12:47 UTC). A few users are confirmed affected.
Fix
Update Nx Console to 18.100.0. Kill malicious processes, delete IoC files, remove the LaunchAgent, and rotate every credential reachable from the developer machine - tokens, secrets, SSH keys.

Fake VS Code security alerts flooding GitHub Discussions to spread malware

Thousands of fake Visual Studio Code vulnerability warnings are being posted across GitHub Discussions in automated waves - all from freshly created accounts. The posts use realistic titles like 'Severe Vulnerability - Immediate Update Required' with fabricated CVE IDs to pressure developers into downloading malware from Google Drive links. The payloads fingerprint victims before delivering secondary attacks, acting as a traffic distribution system.

Check
Warn your development team - never download VS Code updates from GitHub Discussion links or Google Drive.
Affected
Any developer using GitHub who encounters a VS Code security alert in Discussions with an external download link.
Fix
Only update VS Code through the built-in updater or code.visualstudio.com. Verify any CVE IDs against NVD or CISA KEV before acting on them.