TechRadar

VSCode extensions pulled over security risks, but millions of users have already installed

Microsoft has pulled two popular VSCode extensions from its marketplace after finding malicious code hiding inside. However, the original developers don’t seem to be the culprits, and have slammed ...
The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.
Bleeping Computer

VSCode extensions found downloading early-stage ransomware

Two malicious VSCode Marketplace extensions were found deploying in-development ransomware, exposing critical gaps in Microsoft's review process. The extensions, named "ahban.shiba" and ...
Bleeping Computer

Malicious VSCode extensions with millions of installs discovered

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme ...
CSOonline

Verified, but vulnerable: Malicious extensions exploit IDE trust badges

Developers across popular integrated development environments (IDEs) like Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor are at risk of running malicious extensions marked as “verified.” ...
TWCN Tech News

How to install JavaScript in VSCode

Visual Studio Code is a code editor that is completely free and open-source. It has been developed by Microsoft and is highly regarded by developers due to its lightweight, fast, and extensible design ...