Microsoft’s Visual Studio Code (VS Code) has a flaw that allows malicious extensions to access authentication tokens stored in credential managers. Discovered by Cycode researchers, the flaw could lead to unauthorized system access and data breaches. Despite being informed, Microsoft has chosen not to fix the issue, stating that extensions are not expected to be sandboxed from the rest of the environment.
Read more at BleepingComputer…