Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

Two VSCode extensions are harvesting sensitive data and sending it to China.

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its graph-based approach to understanding complex codebases while also raising ...

Versions installed via Snap don't delete files when users empty system trash Linux users who installed Microsoft's Visual ...

Moltbot doesn't have a VSCode extension - you're downloading malware instead ...

A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a ...

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Two VSCode extensions are harvesting sensitive data and sending it to China.

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...