CSO Online

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
Bleeping Computer

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and ...
Dark Reading

'Ransomvibing' Infests Visual Studio Extension Market

The threat actor skill floor may soon lower as vibe coded ransomware has seemingly been published as an extension for Microsoft's AI code editor Visual Studio Code (VS Code). John Tuckner, founder of ...
The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in ...
withinnigeria.com

10 Visual Studio Code Extensions Every Web Developer Needs in 2025

VS Code has become the top choice for web developers. It’s been around only 8 years but has grown a lot. This is thanks to its huge library of extensions and how it boosts productivity. VS Code’s ...
CSOonline

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...
Hosted on MSN

Watch This Hair Extension Transformation | From Basic to Beautiful

Something is happening with orcas at sea - The attacks are spreading Jutta Leerdam, Jake Paul's fiancee, impresses speed skating fans with gold medal performance The Trump administration wants you to ...
SecurityWeek

Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data

Browser security firm LayerX has disclosed a new attack method that works against popular gen-AI tools. The attack involves browser extensions and it can be used for covert data exfiltration. The ...
Redmond Magazine

GitHub Copilot Extension for Visual Studio

Microsoft has released a new GitHub Copilot extension in public preview designed to help enterprise .NET developers modernize and migrate legacy applications to Azure. Integrated with Visual Studio ...
securityledger.com

SquareX Discloses Architectural Limitations of Browser DevTools in Debugging Malicious Extensions

Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security ...