Two malicious Visual Studio Code extensions, Bitcoin Black and Codo AI, have been observed harvesting sensitive user data ...

There's a lot more to these two than just a name change.

The threat actor skill floor may soon lower as vibe coded ransomware has seemingly been published as an extension for Microsoft's AI code editor Visual Studio Code (VS Code). John Tuckner, founder of ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...

A self-propagating worm is targeting Visual Studio Code (VS Code) extensions in a complex supply chain attack that has infected 35,800 developer machines so far with techniques the likes of which ...

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical ...

Microsoft updated its free MSSQL extension for Visual Studio Code with new Fabric connectivity and provisioning features in public preview, alongside GitHub Copilot slash commands and multiple ...

A threat actor named WhiteCobra has been targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ...