Security Flaw Found in Popular Coding Tool: What Non-Programmers Should Know

A security researcher named Ammar Askar discovered a security flaw in Visual Studio Code, a tool that software programmers use to write computer code. He published information about how this flaw could be used to steal GitHub tokens, which are like special passwords that developers use.

He gave the security team at GitHub about one hour of warning before publishing his findings publicly. This issue affects people who write software code professionally or as a hobby. If you or someone in your family uses Visual Studio Code and GitHub for programming projects, their account access could potentially be compromised through this vulnerability.

For most families who use computers for email, web browsing, social media, and everyday tasks, this does not affect you. This is a specialized tool used by developers. If someone in your household is a programmer who uses VS Code and GitHub, they should take these steps right now.

1. Check for updates to Visual Studio Code and install any available updates immediately.
2. Review the security settings on their GitHub account.
3. Watch for any unusual activity or access to their repositories.
4. Consider rotating their GitHub tokens as a precaution. Non-programmers do not need to take action. For families with young people learning to code, this is a good teaching moment about responsible disclosure in cybersecurity. Security researchers and companies need to work together to fix problems before bad actors (the criminals behind an attack) can exploit them. Encourage young programmers in your family to always keep their development tools updated and to use strong security practices even when working on personal projects.