The Hacker News

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

AI-based VS Code forks recommended unclaimed extensions, allowing malicious uploads in Open VSX and risking developer systems ...

VSCode IDE forks expose users to "recommended extension" attacks

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, ...

How to create and run a PowerShell script file on Windows 11 or 10

To change the execution policy to run PowerShell scripts on Windows 11 (or 10), use these steps: Open Start. Search for ...
PressBoxOnline

Best Of 2025: Best Extension

A common discussion point among Orioles fans in recent years has been the lack of extensions awarded to core players, but that conversation changed when the club signed Samuel Basallo to an eight-year ...
Infosecurity-magazine.com

Malware Discovered in 19 Visual Studio Code Extensions

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...
bitnewsbot

GlassWorm Malware Hits 24 VS Code Extensions on Major Marketplaces

In December 2025, the GlassWorm supply chain malware campaign emerged again, affecting both the Microsoft Visual Studio Marketplace and Open VSX platforms. This episode involved 24 extensions posing ...
Geeky Gadgets

Go Green with VS Code for Quicker AI Tools & Safer Model Control

Have you ever wondered if your go-to tools might be holding you back? For millions of developers, Visual Studio Code (VS Code) is the undisputed champion of code editors, celebrated for its ...
winbuzzer.com

Google Releases Colab Extension for VS Code

Google has launched an official Colab extension for Visual Studio Code, aiming to bridge the gap between local development and powerful cloud computing for AI and machine learning. The new tool allows ...
GitHub

Container Tools for Visual Studio Code

The Container Tools extension makes it easy to build, manage, and deploy containerized applications from Visual Studio Code. It also provides one-click debugging of Node.js, Python, and .NET inside a ...
cryptopolitan

3 VS Code extensions stealing credentials for GitHub, VSX, and crypto wallets

Cybersecurity firm Koi Security uncovers a new wave of the GlassWorm campaign, which hides malware in invisible Unicode code within VS Code extensions. The malware steals GitHub, Open VSX, and crypto ...
Dark Reading

GlassWorm Returns, Slices Back into VS Code Extensions

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...