Bleeping Computer

Microsoft Visual Studio Code flaw lets extensions steal passwords

Microsoft's Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve authentication tokens stored in Windows, Linux, and macOS ...
SecurityWeek

Microsoft Bug Bounty Program Expanded to Third-Party Code

All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services.