SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
The Hacker News

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...
The Hacker News

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
Visual Studio Magazine

Copilot Studio Extension for VS Code Goes GA

The Copilot Studio extension for Visual Studio Code is now generally available, allowing agents to be developed and managed directly from the editor. The extension enables software-style workflows for ...

Dangerous new malware targets macOS devices via OpenVSX extensions

GlassWorm malware is expanding to open source platforms, targeting macOS users with infostealers.
Visual Studio Magazine

Buzz About VS Code Extension for Codebase Visualization

A new VS Code extension called Nogic visualizes codebases as interactive graphs and drew strong interest on Hacker News. Commenters praised the concept for understanding large or unfamiliar codebases, ...
XDA Developers on MSN

4 VS Code forks built for specific tasks

The classic VS Code is great and all, but these specialized forks are better for certain programming tasks ...

Linux users report Microsoft's Visual Studio Code Snap package isn't actually deleting files

Many have run out of disk space entirely ...