Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...

A spear-phishing campaign by North Korean actors is abusing a legitimate feature of Microsoft Visual Studio (VS) Code to gain full remote control of targeted systems. In the campaign, discovered by ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...

Have you ever wondered if your go-to tools might be holding you back? For millions of developers, Visual Studio Code (VS Code) is the undisputed champion of code editors, celebrated for its ...

Agent HQ provides a single location for managing both local and remote coding agents and introduces a plan agent that breaks down complex tasks into steps before coding. The latest update to the ...

The threat actor skill floor may soon lower as vibe coded ransomware has seemingly been published as an extension for Microsoft's AI code editor Visual Studio Code (VS Code). John Tuckner, founder of ...

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...