Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

OpenAI has recently published a detailed architecture description of the Codex App Server, a bidirectional protocol that decouples the Codex coding agent's core logic from its various client surfaces.

A new malware campaign is targeting software developers with a new information stealer called Evelyn Stealer, which weaponizes the Microsoft Visual Studio Code (VS Code) extension ecosystem. According ...

Microsoft announced that the Copilot Studio extension for the Visual Studio Code (VS Code) integrated development environment is now available to all users. Developers can use it to build and manage ...

Microsoft has officially announced the general availability of the Copilot Studio extension for Visual Studio Code. As a result, developers now have a more structured way to build and manage Copilot ...

Visual Studio Code is a free code editor from Microsoft, based on open source. It’s highly customizable with tens of thousands of themes and extensions, including those for working with any ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

Google has launched an official Colab extension for Visual Studio Code, aiming to bridge the gap between local development and powerful cloud computing for AI and machine learning. The new tool allows ...

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...