Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...

Visual Studio Code 1.109 introduces enhancements for providing agents with more skills and context and managing multiple ...

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Microsoft outlines new AI reliability, agentic coding, and Copilot improvements coming to Visual Studio 2026, with a focus on ...

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...

GitHub Copilot testing for .NET in Visual Studio 2026 v18.3 can generate tests for the xUnit, NUnit, and MSTest test frameworks.

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

The January 2026 update has arrived.