A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...

Visual Studio Code just released its November 2025 update, version 1.107. There are more improvements for AI coding agents ...

Malicious Visual Studio Code extensions disguised as dark themes and AI assistants infect developers with infostealing ...

Two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, have been observed harvesting sensitive user data ...

VSCodium avoids this entire issue. It is a community-driven option for those who don't want the proprietary distribution ...

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident ...

Malware is back on the OpenVSX and Microsoft Visual Studio marketplaces, researchers are warning. In mid-September this year, ...

The Glassworm campaign is proving to be more persistent than expected. After malicious extensions appeared in both the ...