In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

Mac users often assume they're safer than everyone else, especially when they stick to official app stores and trusted tools. That sense of security is exactly what attackers like to exploit. Security ...

A new wave of the GlassWorm malware is now targeting macOS developers by hiding malicious code inside fake Visual Studio Code extensions designed to steal cryptocurrency, credentials, and sensitive ...

USC and Notre Dame failed to reach an agreement on playing one another during the 2026 season, placing the future of their annual rivalry game in jeopardy, according to Yahoo Sports. USC is seeking a ...

In this post, we will show you how to create real-time interactive flowcharts for your code using VS Code CodeVisualizer. CodeVisualizer is a free, open-source Visual Studio Code extension that ...

Microsoft is previewing a new AI-assisted tool for Visual Studio Code Insiders called the JavaScript/TypeScript Modernizer. It's designed to help developers modernize older JavaScript or TypeScript ...

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...

You start by getting the official installer from the Visual Studio Code website. Open your preferred browser on Windows. Go to the Visual Studio Code download page ...

In December 2025, the GlassWorm supply chain malware campaign emerged again, affecting both the Microsoft Visual Studio Marketplace and Open VSX platforms. This episode involved 24 extensions posing ...

Google has launched an official Colab extension for Visual Studio Code, aiming to bridge the gap between local development and powerful cloud computing for AI and machine learning. The new tool allows ...

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.