In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace Trust model as the primary safeguard against repo-based malware -- while ...

Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...

Choose from auto-detected languages Edit in a new tab with syntax highlighting Press Ctrl+S to save and sync back Note: Language detection is built into the extension and cannot be customized by users ...

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...

A hands-on test compared Visual Studio Code and Google Antigravity on generating and refining a simple dynamic Ticket Desk ...

A：MaliciousCorgi是指两个恶意 VS Code 扩展的攻击活动，这些扩展伪装成AI编程助手，实际上会窃取开发者的源代码和文件内容，发送到中国服务器。两个扩展总安装量达150万次。

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Security researchers are increasingly citing Visual Studio Code as part of supply chain attacks on developers. Researchers at Jamf recently identified ...

Claude Code VS Code扩展的推出，旨在通过高效的工具提升开发者的工作效率。用户可以通过该扩展方便地审查或自动接受Claude的编辑建议，这不仅提高了代码审查的速度，还能有效减少人为错误。此外，该扩展支持@-mentions功能，用户可以轻松引用文件行范围，便于团队协作与交流。

North Korean-linked hackers have targeted more than 3,100 IP addresses tied to AI, crypto, and finance firms through fake job interviews. The campaign used frau ...

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...