A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

Versions installed via Snap don't delete files when users empty system trash Linux users who installed Microsoft's Visual ...

Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...

Oh, sure, I can “code.” That is, I can flail my way through a block of (relatively simple) pseudocode and follow the flow. I ...

This week, Italy blocked Russian cyberattacks targeting the Olympics. Flaws in SolarWinds, Ivanti and Microsoft Office.

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Visual Studio Code 1.109 introduces enhancements for providing agents with more skills and context and managing multiple ...

The January 2026 release of Visual Studio Code expands AI-assisted development with structured planning agents, parallel ...

VS Code's official Snap package on Linux has a bug first reported in 2024 that still hasn't been fixed and is gobbling up ...

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity.

This week’s cybersecurity recap highlights key attacks, zero-days, and patches to keep you informed and secure.