Bleeping Computer

GlassWorm malware returns on OpenVSX with 3 new VSCode extensions

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...
Your Story

GitHub Copilot Chat extension goes open source in VS Code

Microsoft’s Visual Studio Code (VS Code) team has reached a key milestone in its vision to transform VS Code into an open‑source AI editor. On 30 June 2025, the team announced that the GitHub Copilot ...
CSOonline

TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...
CSOonline

Threat actors are spreading malicious extensions via VS marketplaces

Careless developers publishing Visual Studio extensions to two open marketplaces have been including access tokens and other secrets that can be exploited by threat actors, a security vendor has found ...
TechRadar

VSCode extensions pulled over security risks, but millions of users have already installed

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Security researchers found malicious code hiding in two VSCode extensions Microsoft quickly ...