SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...
SecurityWeek

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.