Consolidation is never a good thing.

This is GlassWorm: a software supply chain attack that security researchers are calling one of the most sophisticated and ...

It says it is, but the reality is a little blurry.

Hackers target GitHub developers with fake VS Code alerts and CVEs, using malicious links to steal data and deliver malware.

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...

A supply chain attack campaign is spreading invisible malicious code across GitHub, npm, and the VS Code extension marketplace, with more than 151 compromised repositories identified so far. According ...

Pixel Agents integrates animated pixel art characters into Visual Studio Code (VS Code) to create a virtual workspace for managing AI-driven workflows. Demonstrated by Nate Herk , this extension ...

Anthropic's Claude Code for VS Code has surpassed OpenAI's Codex extension in Visual Studio Code Marketplace installs and review volume despite launching later. OpenAI positions Codex as an IDE ...

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack targeting macOS users, where malicious versions of popular developer extensions ...