Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.

Stop using standard VS Code ...

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Overview: TypeScript is widely used in large projects because its typing works better with AI coding assistants and reduces ...

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...

Visual Studio Code 1.109 introduces enhancements for providing agents with more skills and context and managing multiple ...

In this breakdown, The PrimeTime walks through how the newly launched Opus 4.6 and ChatGPT 5.3 are reshaping the way ...

VS Code forks are diverging rapidly, not just in features, but in how they structure AI-assisted development workflows. Cursor emphasizes speed and visual polish, Windsurf leans toward dynamic ...

Copilot Pro+ and Copilot Enterprise users now can run multiple coding agents directly inside GitHub, GitHub Mobile, and ...

网络安全研究人员发现两款伪装成AI编程助手的恶意VS Code插件，总安装量达150万次。这些插件分别是"ChatGPT-中文版"和"ChatGPT-ChatMoss"，功能正常但暗中将用户打开的文件和源代码修改发送至中国服务器。插件还内置实时监控功能，可远程触发窃取工作区文件，并通过隐藏框架加载四个中国数据分析SDK进行设备指纹识别。