The Hacker News

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M ...
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
InfoWorld

Google adds automated code reviews to Conductor AI

The Conductor extension now can generate post-implementation code quality and compliance reports based on developer specifications.

Innovative Solutions Launches DarcyIQ MCP Studio to Streamline Operations by Connecting AI Agents with Critical Business Systems

Innovative Solutions, the fastest growing Amazon Web Services (AWS) Premier Tier Services Partner that delivers AI and data ...
The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access ...
Bleeping Computer

New malware service guarantees phishing extensions on Chrome web store

A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. Researchers at end-to-end data ...
TechRadar

Malicious Microsoft VSCode AI extensions might have hit over 1.5 million users

Two VSCode extensions exfiltrated sensitive user data to Chinese servers ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined Extensions used hidden iframes, commands, and SDKs to steal ...
GitHub

Language Server for Kotlin

The project is in an experimental, pre-alpha, exploratory phase with the intention to be productionized. We move fast, break things, and explore various aspects of the seamless developer experience ...
cybernews

Evelyn Stealer campaign weaponizes Microsoft’s Visual Studio Code ecosystem

A new malware campaign is targeting software developers with a new information stealer called Evelyn Stealer, which weaponizes the Microsoft Visual Studio Code (VS Code) extension ecosystem. According ...
Visual Studio Magazine

Top 5 AI Tools for Visual Studio 2026

Visual Studio 2026 includes GitHub Copilot functionality built into the IDE, while third-party AI coding assistants remain available through the Visual Studio Marketplace. Using Marketplace install ...
TechRadar

More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected

Security researchers LayerX have discovered 17 extensions for Chrome, Firefox, and Edge browsers which monitored people’s internet activity and installed backdoors for persistent access. In total, the ...