The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with ...

Hidden "Glassworm" malware spreads through infected VS Code extensions

A new malware worm campaign has infected multiple Microsoft Visual Studio Code extensions using invisible Unicode characters ...
XDA Developers on MSN

7 VS Code extensions that make me a better developer

The Jupyter extension brings Jupyter Notebook functionality into VS Code. It lets you create, open, and edit .ipynb files ...
CSO Online

Threat actors are spreading malicious extensions via VS marketplaces

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...

Dangerous and invisible worm found in Visual Studio Code extensions

A malware that steals credentials and cryptocurrencies uses Unicode for invisible code and installs a remote access trojan.
XDA Developers on MSN

VS Code is an open-source platform these days, not just a development tool

At its core, VS Code is built on an open source project called Code OSS, published under the permissive MIT license.
マイナビニュース

Visual Studio Code拡張機能の欠陥とは

Mediumが指摘したVisual Studio Code拡張機能におけるセキュリティ上の欠陥は次のとおり。 権限モデルがない。拡張機能はすべての機能を使用できる。テーマに分類される拡張機能は一般的に視覚的な設定権限だけを必要とするが、コードの実行やファイルの ...

Stop Overpaying for AI Coding Tools : Discover the Smarter Alternative

Stop wasting money on AI tools! Learn how to use VS Code and free extensions for professional-grade AI development at no ...