SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

GlassWorm Malware Hits macOS Through Trusted Open VSX Extensions

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...
Bleeping Computer

Malicious AI extensions on VSCode Marketplace steal developer data

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...
IEEE

Hyperscale Resilient Buffer Pool Extension in Azure SQL Database

Abstract: Azure SQL DB offers disaggregated storage architecture called Hyperscale. While this architecture provides storage scale out, it comes at the cost of performance of I/O from remote storage.
CoinDesk

Trust Wallet users lose $7 million to hacked Chrome extension

Trust Wallet users lost more than $7 million shortly after it released an updated version of its extension for the Chrome web browser. The stolen funds will be reimbursed, said Changpeng Zhao, a ...
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code ...
Redmond Magazine

Microsoft Ignite 2025: SQL Server 2025 Is Here

With the official release of Microsoft's latest database offering, let's see what was improved and what still needs some work. Today, at Ignite, Microsoft announced the general availability of SQL ...
CSOonline

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace review and entered the developer ecosystem. In a suspected test effort, ...
Bleeping Computer

Fake Solidity VSCode extension on Open VSX backdoors developers

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel ...
The Hacker News

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck. According to Secure Annex's John Tuckner, the extension ...
GitHub

running wasm-language-server on vscode.dev

$ npm run esbuild > wasm-language-server@1.0.0 esbuild > node ./bin/esbuild.js [ERROR] Could not resolve "vscode-languageclient/node" client/src/extension.ts:7:82: 7 │ ...geClientOptions, ...