Bleeping Computer

VSCode Marketplace can be abused to host malicious extensions

Researchers have found it surprisingly easy to upload malicious Visual Studio Code extensions to the VSCode Marketplace, and discovered signs of threat actors already exploiting this weakness. Visual ...

VSCode IDE forks expose users to "recommended extension" attacks

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, ...