1. Microsoft VS Code Vulnerability Allows AI Agent to Edit Sensitive Files Without User Consent via Prompt Injection
A remote code execution vulnerability has been discovered in VS Code 1.119.0 and earlier versions that allows a crafted prompt-injection attack on certain GPT family models to bypass user confirmation, enabling unauthorized editing of sensitive files on affected systems. The flaw specifically exploits how VS Code's AI...