Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
Bleeping Computer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...
Infosecurity-magazine.com

New Attacks Exploit VSCode Extensions and npm Packages

A recent investigation by security researchers has revealed a troubling surge in malicious campaigns exploiting popular development tools, including VSCode extensions and npm packages. These campaigns ...
Visual Studio Magazine

Dedicated Python Environments Tool Rolls Out in VS Code Update

The Python team at Microsoft is continuing its overhaul of environment management in Visual Studio Code, with the August 2025 release advancing the controlled rollout of the new Python Environments ...
TechRadar

Hackers are using malicious Microsoft VSCode extensions to steal passwords

Cybersecurity researchers from Check Point have discovered multiple malicious Visual Studio extensions sitting in Microsoft’s VSCode Marketplace. Combined, the three malware were downloaded 46,600 ...
TechRadar

Malicious Microsoft VSCode AI extensions might have hit over 1.5 million users

Two VSCode extensions exfiltrated sensitive user data to Chinese servers ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined Extensions used hidden iframes, commands, and SDKs to steal ...