Critical154Important1Moderate0LowMicrosoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day ...

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...

Security researchers revealed two malicious VS Code extensions exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million developers to servers in China while masquerading as AI ...

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...

The Copilot Studio extension for Visual Studio Code is now generally available, allowing agents to be developed and managed directly from the editor. The extension enables software-style workflows for ...

Microsoft has officially announced the general availability of the Copilot Studio extension for Visual Studio Code. As a result, developers now have a more structured way to build and manage Copilot ...

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...

A new malware campaign is A/B testing delivery effectiveness on software developers using malicious VS Code extensions. In a campaign tracked by Koi, a threat actor published two malicious VS Code ...

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and ...

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.