Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

CrowdStrike takes down major botnet targeting developers across the world

The Glassworm botnet is no more, thanks to coordinated efforts between CrowdStrike, Google, and the Shadowserver Foundation.
Compare the Cloud

GitHub VSCode extension breach exposes developer toolchain as a primary attack surface

An unauthorised group calling itself TeamPCP accessed GitHub's internal repositories, targeting VSCode extensions used by ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Bleeping Computer

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto ...
ZDNet

Microsoft boosts programming language Python's popular VS Code extension

Microsoft has released a host of improvements and fixes for the Python extension for its popular open-source code editor, Visual Studio Code (VS Code), as well as new improvements for Java on VS Code.
TechRadar

VSCode extensions pulled over security risks, but millions of users have already installed

Security researchers found malicious code hiding in two VSCode extensions Microsoft quickly pulled them and notifies users The developer criticized Microsoft's move, saying they were never consulted ...