Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants ...
Technobezz on MSN

GlassWorm malware hits macOS via compromised VS Code extensions

Malware targets macOS developers via compromised VS Code extensions, stealing credentials and crypto data via ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...
GitHub

Superceded Extensions Should Be Completely Removed

There should be an option to prevent retention of obsolete extension files. Security scans are flagging out-of-date extensions but users have updated VS Code and all extensions. It seems that during ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...
GitHub

ty extension for Visual Studio Code

A Visual Studio Code extension for ty, an extremely fast Python type checker and language server, written in Rust. The extension ships with ty==0.0.12. Once installed in Visual Studio Code, ty will ...