Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
IT-Online

SQL Developer

Our client is a technology company delivering integrated software and data solutions to the retail and distribution sector. They focus on building scalable, high-performance systems that connect POS, ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
InfoWorld

Visual Studio Code adds agent development extension

The Copilot Studio extension lets developers use any VS Code-compatible AI assistant to develop AI agents, then sync with Copilot Studio for testing and iteration. Microsoft is offering a Microsoft ...

GlassWorm Malware Hits macOS Through Trusted Open VSX Extensions

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...

I tried a Claude Code alternative that's local, open source, and completely free - how it works

I tried a Claude Code alternative that's local, open source, and completely free - how it works ...
TechRadar

Malicious Microsoft VSCode AI extensions might have hit over 1.5 million users

Two VSCode extensions exfiltrated sensitive user data to Chinese servers ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined Extensions used hidden iframes, commands, and SDKs to steal ...
Visual Studio Magazine

VS Code 1.109 Deemed a Multi-Agent Development Platform

The January 2026 release of Visual Studio Code expands AI-assisted development with structured planning agents, parallel ...
XDA Developers on MSN

5 developer tools that are incredible even if you're not a developer

Powerful tools built for developers, useful for everyone ...