The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that evade standard code review.

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

Microsoft is speeding up the delivery of its Visual Studio Code updates. Since last summer, the company has been making ...

Microsoft's February 2026 Foundry update includes broader platform changes, but the most immediate developer-facing news for VS Code users is an AI Toolkit refresh centered on tool discovery, agent ...

Enterprises seeking to make good on the promise of agentic AI will need a platform for building, wrangling, and monitoring AI agents in purposeful workflows. In this quickly evolving space, myriad ...

Java turned 30 in 2025. That's a good time to look back, but also forward.

Transform your code files into organized, navigable documents with a table of contents-like structure. Create sections using simple comments, then use VS Code's built-in Outline panel to view and ...

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...

A flexible Language Server Protocol (LSP) proxy extension for VS Code that dynamically forwards requests to any LSP server based on configuration files. No more installing separate extensions for each ...

Researchers at OX Security have detected four vulnerabilities in three of the most popular integrated development environments (IDEs) that could lead to cyber-attacks. In a report published on ...