TechRadar

Malicious Microsoft VSCode AI extensions might have hit over 1.5 million users

Two VSCode extensions exfiltrated sensitive user data to Chinese servers ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined Extensions used hidden iframes, commands, and SDKs to steal ...
Bleeping Computer

Malicious AI extensions on VSCode Marketplace steal developer data

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
PC World

840,000+ users hit by malicious browser extensions. Uninstall these ASAP!

PCWorld reports that over 840,000 users were infected by malicious browser extensions containing GhostPoster malware hidden in extension logos. These harmful extensions operated undetected in official ...