Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
GitHub

LZaruba/spock-test-runner-vscode

Inspiration: This extension was inspired by Daniel Micah's spock-test-runner but focuses exclusively on VS Code's Test API integration rather than CodeLens functionality.
The Hacker News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. Shachar Menashe, ...
GitHub

Cloudsmith Visual Studio Code Extension

To install the extension, open the Extensions view, search for cloudsmith to filter results and select the Cloudsmith extension authorised by Cloudsmith. Entitlement tokens are not supported. Personal ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...