The Hacker News

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are ...
Developer Tech

Malware campaign uses VS Code extensions for A/B testing

A new malware campaign is A/B testing delivery effectiveness on software developers using malicious VS Code extensions. In a campaign tracked by Koi, a threat actor published two malicious VS Code ...
Infosecurity-magazine.com

Malicious VS Code Extensions Deploy Advanced Infostealer

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...
Geeky Gadgets

Go Green with VS Code for Quicker AI Tools & Safer Model Control

Have you ever wondered if your go-to tools might be holding you back? For millions of developers, Visual Studio Code (VS Code) is the undisputed champion of code editors, celebrated for its ...
Visual Studio Magazine

'VS Code for the Web -- Azure' Adds Faster Entry Points for Browser-Based Cloud Development

Microsoft expanded its browser-based development tooling with recent updates to VS Code for the Web -- Azure, introducing faster entry points for moving AI-generated code into an editable, ...
GitHub

IntelliCode Extensions for VS Code Are Being Deprecated

No new features will be added. Bug fixes and support will end immediately. The extensions will be marked as deprecated and this repo archived. Uninstall the IntelliCode extensions for VS Code and ...
cryptopolitan

3 VS Code extensions stealing credentials for GitHub, VSX, and crypto wallets

Cybersecurity firm Koi Security uncovers a new wave of the GlassWorm campaign, which hides malware in invisible Unicode code within VS Code extensions. The malware steals GitHub, Open VSX, and crypto ...
Dark Reading

GlassWorm Returns, Slices Back into VS Code Extensions

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.
bitnewsbot

GlassWorm Malware Targets VS Code with New Malicious Extensions

Cybersecurity experts have revealed that three harmful extensions tied to the GlassWorm campaign targeting the Visual Studio Code (VS Code) environment are still accessible for download. The discovery ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...