CSO Online

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace ...
GitHub

Python extension for Visual Studio Code

The Python extension will automatically install the following extensions by default to provide the best Python development experience in VS Code: If you set this setting to true, you will manually opt ...

Fake Solidity VSCode extension on Open VSX backdoors developers

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel ...
Bleeping Computer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...
CSOonline

TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...
InfoWorld

Malicious npm packages contain Vidar infostealer

Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
XDA Developers on MSN

VS Code is an open-source platform these days, not just a development tool

At its core, VS Code is built on an open source project called Code OSS, published under the permissive MIT license.