Security researcher Ammar Askar has released exploit code for an unpatched VS Code zero-day that lets attackers steal GitHub OAuth tokens with a single click. The flaw abuses VS Code's sandboxed webview message-passing system: malicious JavaScript in a webview simulates keypresses in the main editor to install a malicious extension that captures the GitHub OAuth token github.com POSTs to github.dev. The token is not scoped to a single repo - it grants full access to every private repository the victim can reach. No CVE has been assigned and there is no patch. Users can mitigate by clearing github.dev cookies and on-device site data, which restores the sign-in prompt.
CrowdStrike, Google, and The Shadowserver Foundation have disrupted the GlassWorm developer-supply-chain botnet by simultaneously cutting four resilient command-and-control channels. Active since October 2025, GlassWorm spread through malicious OpenVSX and VS Code extensions, GitHub repos, and npm packages (one March campaign hit 400+ artifacts), stealing crypto wallets and developer credentials. Its C2 was built to resist takedown: server addresses encoded in Solana transaction memo fields, configuration stored in the BitTorrent DHT, Base64 C2 paths hidden in Google Calendar event titles, and direct VPS connections for payload delivery. All four had to fall at once. Infected hosts now beacon to CrowdStrike's sinkhole at 164.92.88[.]210.
GitHub has confirmed that roughly 3,800 internal repositories were exfiltrated after one of its employees installed a malicious version of the Nx Console VS Code extension. The malicious extension has been pulled and the affected device has been isolated. GitHub's current assessment is that the activity was limited to internal repos and that no customer data stored outside them was touched. The numbers line up with the claim TeamPCP posted on Breached, where they offered the code for at least $50,000. The breach connects this week's Nx Console compromise to the broader TeamPCP campaign that also hit OpenAI and Grafana.
The Nx team has confirmed that version 18.95.0 of its VS Code extension was malicious and that a few users were compromised. The bad version was available on the marketplace for only 11 minutes on May 18 (12:36 to 12:47 UTC), but that was enough to plant Python-based persistence under ~/.local/share/kitty/cat.py and a macOS LaunchAgent at com.user.kitty-monitor.plist, then steal tokens, secrets, and SSH keys reachable from the machine. The Nx team has shipped a clean 18.100.0 release and published indicators of compromise. This is the second time Nx has been targeted within a year, after the August 2025 s1ngularity supply-chain attack on its npm packages.
Thousands of fake Visual Studio Code vulnerability warnings are being posted across GitHub Discussions in automated waves - all from freshly created accounts. The posts use realistic titles like 'Severe Vulnerability - Immediate Update Required' with fabricated CVE IDs to pressure developers into downloading malware from Google Drive links. The payloads fingerprint victims before delivering secondary attacks, acting as a traffic distribution system.