A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.

Microsoft expanded model choice in VS Code with Bring Your Own Key (BYOK), enabling developers to connect models from any provider and manage them through a new extensible API.

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...

Microsoft's unified agent experience in VS Code consolidates Copilot, Codex, and custom agents, introducing Agent Sessions, a ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with ...

A malicious extension was published on Microsoft ’s official VS Code marketplace, and was able to remain there for some time ...

At its core, VS Code is built on an open source project called Code OSS, published under the permissive MIT license.

A self-propagating worm is targeting Visual Studio Code (VS Code) extensions in a complex supply chain attack that has infected 35,800 developer machines so far with techniques the likes of which ...

Stop wasting money on AI tools! Learn how to use VS Code and free extensions for professional-grade AI development at no ...

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of ...

A new malware worm campaign has infected multiple Microsoft Visual Studio Code extensions using invisible Unicode characters to hide malicious code from both reviewers and security tools, security ...