Techly NewsGet the app

Get the latest tech news

Escaping Misconfigured VSCode Extensions (2023)


TL;DR: This two-part blog series will cover how I found and disclosed three vulnerabilities in VSCode extensions and one vulnerability in VSCode itself (a security mitigation bypass assigned CVE-2022-41042 and awarded a $7,500 bounty). We will identify the underlying cause of each vulnerability and create fully working exploits to demonstrate how an […]

None

Get the Android app

Or read this on Hacker News

« Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one
Remember HQ? ‘Quiz Daddy’ Scott Rogowsky is back with TextSavvy, a daily mobile game show »