Fake VS Code security alerts flooding GitHub Discussions to spread malware

Thousands of fake Visual Studio Code vulnerability warnings are being posted across GitHub Discussions in automated waves - all from freshly created accounts. The posts use realistic titles like 'Severe Vulnerability - Immediate Update Required' with fabricated CVE IDs to pressure developers into downloading malware from Google Drive links. The payloads fingerprint victims before delivering secondary attacks, acting as a traffic distribution system.

Check

Warn your development team - never download VS Code updates from GitHub Discussion links or Google Drive.

Affected

Any developer using GitHub who encounters a VS Code security alert in Discussions with an external download link.

Fix

Only update VS Code through the built-in updater or code.visualstudio.com. Verify any CVE IDs against NVD or CISA KEV before acting on them.