Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
CSO Online

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...
The Hacker News

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...
The Hacker News

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials, browser data, and ...
Visual Studio Magazine

Hands On with Copilot Vision: VS Code's Head Start and How the IDE Is Catching Up

AI space! GitHub Copilot's vision and image-based features arrived first in VS Code in February 2025 and have since become ...
InfoWorld

Why ‘boring’ VS Code keeps winning

Meanwhile, the model layer keeps whiplashing. First, everyone used ChatGPT. Then Gemini was catching up. Now, it seems Claude ...
GitHub

Webview UI Toolkit for Visual Studio Code

The Webview UI Toolkit for VS Code will be deprecated on January 1, 2025. See the deprecation announcement for more details. Webviews are a powerful way to add custom functionality beyond what the ...
GitHub

CodeSonar Extension for Visual Studio Code

This extension from CodeSecure provides access to static code analysis results from a CodeSonar hub inside Visual Studio Code. You will also need access to a CodeSonar hub running CodeSonar 7.1p0 or ...
Bleeping Computer

New GlassWorm malware wave targets Macs with trojanized crypto wallets

A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. Extensions in the ...