Security Risks

VS Code Zero-Day Lets Attackers Steal Full GitHub OAuth Tokens

Malicious webview scripts can simulate keystrokes to install an extension that captures broad-scope tokens, prompting Microsoft to investigate and prepare a fix.