Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...

Microsoft's C/C++ extension for Visual Studio Code (VS Code) no longer works with derivative products such as VS Codium and Cursor – and some developers are crying foul.… In early April, programmers ...

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

I use VS Code almost every day. One thing that sticks with me about it is that it can do so much heavy lifting for you. Doing repetitive edits? Searching for files in the sidebar? Retyping the same ...

Mac users often assume they're safer than everyone else, especially when they stick to official app stores and trusted tools. That sense of security is exactly what attackers like to exploit. Security ...