InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
Bleeping Computer

Malicious AI extensions on VSCode Marketplace steal developer data

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...
Dark Reading

DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign by North Korean actors is abusing a legitimate feature of Microsoft Visual Studio (VS) Code to gain full remote control of targeted systems. In the campaign, discovered by ...
Infosecurity-magazine.com

Malware Discovered in 19 Visual Studio Code Extensions

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...
Infosecurity-magazine.com

Malicious VS Code Extensions Deploy Advanced Infostealer

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...
Dark Reading

'Ransomvibing' Infests Visual Studio Extension Market

The threat actor skill floor may soon lower as vibe coded ransomware has seemingly been published as an extension for Microsoft's AI code editor Visual Studio Code (VS Code). John Tuckner, founder of ...
The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...
The Verge

Microsoft favors Anthropic over OpenAI for Visual Studio Code

Visual Studio Code now has a new auto AI model selector that favors Claude 4 over GPT-5. Visual Studio Code now has a new auto AI model selector that favors Claude 4 over GPT-5. is a senior editor and ...
GitHub

Container Tools for Visual Studio Code

The Container Tools extension makes it easy to build, manage, and deploy containerized applications from Visual Studio Code. It also provides one-click debugging of Node.js, Python, and .NET inside a ...