OpenClaw's Node for VS Code extension proved it can support a real local file-based workflow, but on Windows the experience still feels more like early infrastructure than finished tooling.

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...

Security researchers revealed two malicious VS Code extensions exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million developers to servers in China while masquerading as AI ...

Two malicious VS Code extensions (1.5M installs) secretly exfiltrate source files to a China-based server, while PackageGate zero-days affect JavaScript package managers—pnpm, vlt and Bun patched; npm ...

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual ...

The Copilot Studio extension lets developers use any VS Code-compatible AI assistant to develop AI agents, then sync with Copilot Studio for testing and iteration. Microsoft is offering a Microsoft ...

Microsoft has officially announced the general availability of the Copilot Studio extension for Visual Studio Code. As a result, developers now have a more structured way to build and manage Copilot ...

A glut of extensions from programmers who don’t understand their AI-written code has delayed reviews. A glut of extensions from programmers who don’t understand their AI-written code has delayed ...

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...

A new malware campaign is A/B testing delivery effectiveness on software developers using malicious VS Code extensions. In a campaign tracked by Koi, a threat actor published two malicious VS Code ...

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and ...

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...