Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

The classic VS Code is great and all, but these specialized forks are better for certain programming tasks ...

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...

Microsoft outlines new AI reliability, agentic coding, and Copilot improvements coming to Visual Studio 2026, with a focus on ...

OpenAI's new GPT-5.3-Codex is 25% faster and goes way beyond coding now - what's new ...

Sam Altman-led OpenAI launched GPT-5.3-Codex, which is a fast, agentic model that it believes goes beyond coding and can ...

A misconfiguration in Microsoft-managed storage accounts triggered cascading failures across virtual machine operations, managed identities, and developer workflows.