GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...

Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

Ahead of its April 29 fiscal Q3 earnings release, Microsoft has introduced a range of product updates and strategic changes.

Try these extensions and you'll wonder how you ever lived without them!

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...

Microsoft has embedded GitHub Copilot as a default VS Code extension in version 1.116, adding agent debug logging, terminal ...

Microsoft is speeding up the delivery of its Visual Studio Code updates. Since last summer, the company has been making monthly releases, each with three or four patches and new functionality, but ...