Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

The January 2026 update has arrived.

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...

The project is in an experimental, pre-alpha, exploratory phase with the intention to be productionized. We move fast, break things, and explore various aspects of the seamless developer experience ...

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...

An experimental feature in VS Code 1.108, Agent Skills are folders of instructions, scripts, and resources that GitHub Copilot can load for specialized tasks. Visual Studio Code 1.108, the latest ...

Sourcegraph’s AI code assistant goes beyond individual dev productivity, helping you achieve consistency and quality at scale with AI. Sourcegraph accelerates the entire workflow for developers by ...

Microsoft has made its development tool XAML Studio open source, eight years after its initial release. Version 2.0 is next, and some new features are planned, which interested parties can already try ...