Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

Two VSCode extensions are harvesting sensitive data and sending it to China.

Moltbot doesn't have a VSCode extension - you're downloading malware instead ...

A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its graph-based approach to understanding complex codebases while also raising ...

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...

Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS, crypto, and developer ...

Microsoft released new open‑source quantum development tools that deepen VS Code and Copilot integration while targeting real‑world hybrid quantum workloads in chemistry, optimization, and machine ...

The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims ...

OpenJDK JEP 527，TLS 1.3的后量子混合密钥交换（Post-Quantum Hybrid Key Exchange for TLS 1.3）已从Candidate状态提升为JDK 27的Proposed to Target状态。该JEP提议利用互联网工程任务组（Internet Engineering Task ...