Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
GitHub

Task for Visual Studio Code

Task is a task runner / build tool that aims to be simpler and easier to use than, for example, GNU Make. checkForUpdates boolean true Check if there is a newer version of Task on startup.
The Hacker News

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15 ...

Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity.
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...
GitHub

force installation of recommended plugins in .vscode/extensions.json

When working on a team project, it's crucial to maintain a consistent development environment. Visual Studio Code (VSCode) extensions play a vital role in enhancing productivity and enforcing coding ...