GIGAZINE

A report that a fake VSCode extension was created and downloaded and that a flaw in the VSCode extension system that makes it easy to insert malicious code was also revealed

Microsoft's text editor 'Visual Studio Code (VSCode)' allows you to add functions and customize the appearance by introducing extensions. Security researchers released 'fake extensions that insert ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Fake Moltbot AI assistant just spreads malware - so watch out for scams

Moltbot doesn't have a VSCode extension - you're downloading malware instead ...
Visual Studio Magazine

Private Preview of GitHub Copilot Extensions Customizes AI Coding Assistance

GitHub introduced Copilot Extensions, providing customized AI assistance by integrating tools from partners like DataStax, Docker and Microsoft Azure directly into the Copilot interface. Announced as ...
CSOonline

TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...
InfoWorld

Threat actors are spreading malicious extensions via VS marketplaces

Careless developers publishing Visual Studio extensions to two open marketplaces have been including access tokens and other secrets that can be exploited by threat actors, a security vendor has found ...
TechRadar

Developers targeted by malicious Microsoft VSCode extensions

Reversing Labs and Assaraf discover campaign targeting software and web3 devs Multiple packages were hiding weaponized code that deploys stage-two malware The malicious intent was very difficult to ...
CSOonline

Warning to developers: Stay away from these 10 VSCode extensions

Developers using Microsoft’s Visual Studio Code (VSCode) editor are being warned to delete, or at least stay away from, 10 newly published extensions which will trigger the installation of a ...