North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Two VSCode extensions are harvesting sensitive data and sending it to China.

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

VS Code forks like Cursor, Windsurf, and Antigravity may share a common foundation, but hands-on testing shows they reflect sharply different philosophies around AI autonomy, workflow structure, and ...

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

Cybersecurity researchers identified malware-infected browser extensions on Chrome, Firefox, and Edge browsers.

Another wave of malicious browser extensions capable of tracking user activity have been found across Chrome, Firefox, and ...

Microsoft has released the Copilot Studio extension for Visual Studio Code to general availability, enabling teams to build, ...

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...