VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

The best code editor might actually be your best everything editor.

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of GitHub's internal source code repositories — everythi ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on Microsoft's official Visual Studio Marketplace for just 18 minutes on May 18 ...

Hackers exfiltrated roughly 3,800 of GitHub Inc.’s internal code repositories after one of its employees installed a poisoned Visual Studio Code extension, the Microsoft Corp.-owned developer platform ...

GitHub is investigating a cyberattack linked to a malicious VS Code extension after hackers allegedly accessed thousands of internal repositories and attempted to sell the data online.

The threat actor skill floor may soon lower as vibe coded ransomware has seemingly been published as an extension for Microsoft's AI code editor Visual Studio Code (VS Code). John Tuckner, founder of ...

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace review and entered the developer ecosystem. In a suspected test effort, ...

A threat actor named WhiteCobra has been targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ...