A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

For a few days now, a supply chain attack has been running through the Visual Studio Code marketplaces. Both Microsoft's Marketplace and the alternative Open-VSX marketplace of the Eclipse Foundation ...

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...

Microsoft's text editor 'Visual Studio Code' has an extension marketplace, where users can easily install various extensions. A Reddit post pointed out that only Microsoft extensions can use special ...

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

AI-powered tools like GitHub Copilot and IntelliJ IDEA are changing how Java developers code, debug, and modernize applications. From automating boilerplate to guiding framework upgrades, these tools ...