A security researcher has publicly disclosed a zero-day vulnerability in Visual Studio Code, citing distrust in Microsoft's bug handling process. The researcher, Ammar Askar, discovered a serious flaw that allows attackers to steal GitHub tokens, granting read and write access to repositories, including private ones, when a victim simply clicks a link. Askar notified a GitHub contact and released a working exploit just one hour later, bypassing the traditional 90-day coordinated disclosure window. This move underscores the researcher's loss of faith in Microsoft's vulnerability reporting and remediation process. The exploit's release highlights the urgency for users to assess their exposure, as the window for patching is rapidly diminishing. The vulnerability poses a significant risk to developers using Visual Studio Code, so practitioners should prioritize evaluating their systems' susceptibility to this zero-day threat.