New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that ...

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.

Whether you are a seasoned developer or just starting your coding journey, Visual Studio Code (VS Code) is likely a central part of your daily workflow. While Microsoft’s code editor is powerful out ...

Despite the programming landscape teeming with cool code editors, many developers (including yours truly) rely on Visual Studio Code to develop apps, create scripts, and edit config files. After all, ...

A malware that steals credentials and cryptocurrencies uses Unicode for invisible code and installs a remote access trojan.

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...

VS Code 1.105 also introduces a built-in MCP server marketplace and allows users to resume recent Copilot Chat sessions.