New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that ...

At its core, VS Code is built on an open source project called Code OSS, published under the permissive MIT license.

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual ...

Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

Developers of VS Code extensions are leaking sensitive secrets left, right and center, according to researchers who worked ...

A new malware worm campaign has infected multiple Microsoft Visual Studio Code extensions using invisible Unicode characters ...

A new cyber threat is affecting developers worldwide who work with Visual Studio Code. Researchers at Koi Security have ...

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with ...

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...