Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.

Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

Fake Moltbot AI assistant just spreads malware - so watch out for scams

Moltbot doesn't have a VSCode extension - you're downloading malware instead ...

GlassWorm Malware Hits macOS Through Trusted Open VSX Extensions

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...
Visual Studio Magazine

Buzz About VS Code Extension for Codebase Visualization

A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its graph-based approach to understanding complex codebases while also raising ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
The Hacker News

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS, crypto, and developer ...

Viral Moltbot AI assistant raises concerns over data security

Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation ...
Visual Studio Magazine

Microsoft Expands Quantum Development Kit with New Open-Source Tools, VS Code Integration

Microsoft released new open‑source quantum development tools that deepen VS Code and Copilot integration while targeting real‑world hybrid quantum workloads in chemistry, optimization, and machine ...
Dark Reading

GlassWorm Malware Returns to Shatter Developer Ecosystems

The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims ...