devtake.dev
AI Security Hardware Open Source Policy Apple

#vscode

RSS
Related: #dev-tools · 2 #ai-assistant · 1 #ai-coauthor · 1 #credential-theft · 1 #git · 1 #github · 1 #github-copilot · 1 #javascript · 1 #microsoft · 1 #security · 1
GitHub security blog header showing the GitHub Octocat logo on a backdrop of black security blocks.
Security·

GitHub's internal repos were breached. The attacker came in through a poisoned VS Code extension.

GitHub detected the intrusion on May 18 after a malicious VS Code extension compromised an employee's device. The attacker claims to have exfiltrated 3,800 internal repositories.

Illustration of a Git commit message stamped with a Copilot co-author trailer.
Web·

VS Code shipped 'Co-Authored-by Copilot' on every commit by default. Microsoft is reverting it.

A two-line PR flipped the AI co-author flag from off to all in April. Hand-typed commits started getting Copilot attribution. The maintainer apologized and promised a fix in 1.119.