From securityonline.info
A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Visual Studio Code and patched by Microsoft in October was published online.
” An attacker could, through a link or website, take over the computer of a Visual Studio Code user and any computers they were connected to via the Visual Studio Code Remote Development feature. This issue affected at least GitHub Codespaces, github.dev, the web-based Visual Studio Code for Web and to a lesser extent Visual Studio Code desktop,” a researcher from Google said.