Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

A new VS Code extension called Nogic visualizes codebases as interactive graphs and drew strong interest on Hacker News. Commenters praised the concept for understanding large or unfamiliar codebases, ...

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Those project files you deleted might not actually be deleted.

The January 2026 update has arrived.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...

OpenAI has launched GPT-5.3 Codex offering a 25% speed increase over GPT-5.2 Codex, helping developers ship code faster.

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M ...

Visual Studio Code 1.109 introduces enhancements for providing agents with more skills and context and managing multiple ...

Lazarus group’s Contagious Interview campaign abuses Visual Studio Code via malicious Git repositories Attackers deliver JavaScript payloads on macOS, enabling persistent data harvesting and C2 ...