Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

The VS Code killer I wasn’t expecting ...

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...

In this post, we will show you how to create real-time interactive flowcharts for your code using VS Code CodeVisualizer. CodeVisualizer is a free, open-source Visual Studio Code extension that ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

You start by getting the official installer from the Visual Studio Code website. Open your preferred browser on Windows. Go to the Visual Studio Code download page ...

In December 2025, the GlassWorm supply chain malware campaign emerged again, affecting both the Microsoft Visual Studio Marketplace and Open VSX platforms. This episode involved 24 extensions posing ...

Cybersecurity firm Koi Security uncovers a new wave of the GlassWorm campaign, which hides malware in invisible Unicode code within VS Code extensions. The malware steals GitHub, Open VSX, and crypto ...

The threat actor skill floor may soon lower as vibe coded ransomware has seemingly been published as an extension for Microsoft's AI code editor Visual Studio Code (VS Code). John Tuckner, founder of ...

VS Code has become the top choice for web developers. It’s been around only 8 years but has grown a lot. This is thanks to its huge library of extensions and how it boosts productivity. VS Code’s ...