Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Welcome to the Chinese JavaScript (cn-js) Language Support extension for Visual Studio Code. This extension provides comprehensive support for writing JavaScript code using Chinese keywords.

A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. Researchers at end-to-end data ...

Two VSCode extensions exfiltrated sensitive user data to Chinese servers ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined Extensions used hidden iframes, commands, and SDKs to steal ...

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...

Java, Scala, Clojure, Kotlin, Python, Haskell, Agda, Rust, JavaScript, TypeScript, Erlang, Go, Groovy, Ruby, Elixir, ObjectiveC, PHP, HTML, XML, SQL, Apex language ...

A massive file harvesting campaign is ongoing, targeting VS Code developers. Over 1.5 million users have downloaded knock-off extensions that function like AI coding assistants but are also bristling ...

PCWorld reports that over 840,000 users were infected by malicious browser extensions containing GhostPoster malware hidden in extension logos. These harmful extensions operated undetected in official ...