Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

PCWorld reports on a Chrome extension called “Microsoft to Microslop” that renames Microsoft references in browsers as a protest against the company’s aggressive AI integration. The extension reflects ...

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are ...

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and ...

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October ...

The first step in integrating Ollama into VSCode is to install the Ollama Chat extension. This extension enables you to interact with AI models offline, making it a valuable tool for developers. To ...

ThioJoe demonstrates how to make Chrome safer in just minutes without installing any extensions. Canada's Florida boycott 'taking effect' on Donald Trump—Doug Ford Gil Gerard, ‘Buck Rogers in the 25th ...

Cybersecurity firm Koi Security uncovers a new wave of the GlassWorm campaign, which hides malware in invisible Unicode code within VS Code extensions. The malware steals GitHub, Open VSX, and crypto ...

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.