In a nutshell: A VS Code vulnerability allows attackers to compromise valid GitHub tokens through social engineering.
A security researcher has published exploit code for a zero-day vulnerability in Visual Studio Code that enables attackers to steal GitHub authentication tokens by clicking on a malicious link.
The vulnerability affects Visual Studio Code and exploits the trusted behavior of developers when clicking links. An attacker can create a specially crafted link that, when clicked, opens VS Code and immediately accesses locally stored GitHub authentication tokens.
For enterprises, this poses a direct risk to source code repositories and thus supply chain security. Compromised GitHub tokens enable attackers to inject code into repositories, exfiltrate secrets, or make changes to critical deployments — all under the identity of the affected developer.
The publication of exploit code significantly escalates the situation: attackers now have a functional tool to deploy this vulnerability in broader campaigns. CISOs should immediately inform development teams about this vulnerability and verify whether VS Code is deployed in their environment. Timely patches from Microsoft are necessary; until then, temporary measures such as restricting VS Code URI handlers or monitoring unexpected token usage can help.
Source: www.bleepingcomputer.com · Published 3 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.