VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

The agent is doing the actual work, and VS Code is just a window.

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...

The best code editor might actually be your best everything editor.

Abstract: To characterize the building blocks of a legacy software system (e.g., structure, dependencies), programmers usually spend a long time navigating its source code. Yet, modern integrated ...

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

A recent Stack Overflow survey found that more than 84% of developers are already using or planning to use AI tools in their workflow. After trying OpenAI Codex for myself, I understand why. Like many ...

文丨李海伦编辑丨徐青阳美国时间6月2日，微软Build 2026开发者大会在旧金山梅森堡拉开帷幕。此次大会主题聚焦于前沿AI技术的实战应用，微软发布了一系列覆盖自研AI模型、智能体应用、操作系统安全、开发者工具、云服务及新型硬件平台的产品与更新。