Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
Bleeping Computer

Malicious Microsoft VSCode extensions target devs, crypto community

Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...