GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
techtimes

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on Microsoft's official Visual Studio Marketplace for just 18 minutes on May 18 ...
Ventureburn

12 Best AI for Coding Tools in 2026 (Vibecoding & Data Science)

Discover the top 12 tools in 2026, from Cursor to Copilot, to speed up daily dev workflows and build apps faster!

Dev Configs for Windows: From fresh install to IDE in one command

With Microsoft's new Dev Configs, a Windows installation becomes a ready-to-use developer workstation with a single command – ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Google AI Studio Cheat Sheet: Features, Pricing, and More

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...
Unite.AI

OpenAI Codex Review: I Built a Landing Page in 20 Mins

A recent Stack Overflow survey found that more than 84% of developers are already using or planning to use AI tools in their workflow. After trying OpenAI Codex for myself, I understand why. Like many ...
Bleeping Computer

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
GitHub

Kite Autocomplete Plugin for Visual Studio Code

Kite is an AI-powered programming assistant that helps you write code faster inside Visual Studio Code. Kite helps you write code faster by saving you keystrokes and showing you the right information ...
Visual Studio Magazine

Slammed by Copilot Usage-Based Billing on Day 1, Facing $180 Bill for June

A journalist using GitHub Copilot Pro details how a broken editorial workflow on day one of usage-based billing led to runaway token consumption, a projected $180 monthly bill, and practical tactics ...
Tech Times

VS Code Agents Hit Stable: Air-Gapped BYOK Unlocks Enterprise AI Coding

VS Code agents are now in Stable preview, and the 1.122 update removed the GitHub OAuth requirement from BYOK, letting defense, healthcare, and finance developers run fully air-gapped AI-assisted ...
Visual Studio Magazine

VS Code 1.122 Lets BYOK Work Without GitHub Sign-In

Microsoft's May 2026 VS Code update makes BYOK usable in restricted environments while adding agent, browser and issue-reporting updates.