Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

More than 300 Chrome extensions were found to be leaking browser data, spying on users, or stealing user information.

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Welcome to the Chinese JavaScript (cn-js) Language Support extension for Visual Studio Code. This extension provides comprehensive support for writing JavaScript code using Chinese keywords.

Two VSCode extensions exfiltrated sensitive user data to Chinese servers ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined Extensions used hidden iframes, commands, and SDKs to steal ...

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...

Java, Scala, Clojure, Kotlin, Python, Haskell, Agda, Rust, JavaScript, TypeScript, Erlang, Go, Groovy, Ruby, Elixir, ObjectiveC, PHP, HTML, XML, SQL, Apex language ...

A massive file harvesting campaign is ongoing, targeting VS Code developers. Over 1.5 million users have downloaded knock-off extensions that function like AI coding assistants but are also bristling ...