GlassWorm malware returns on OpenVSX with 3 new VSCode extensions

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with ...
Cryptopolitan on MSN

3 VS Code extensions stealing credentials for GitHub, VSX, and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...
Visual Studio Magazine

Hands On with New Visual Studio Copilot 'Planning' Feature (Preview)

Microsoft has introduced a new AI-powered capability called Planning in Visual Studio, now available in public preview as part of Visual Studio 2022 version 17.14. The feature extends GitHub Copilot's ...
PC World

Microsoft adds visual search to Windows 11’s built-in screenshot tool

Microsoft is rolling out a new version of the Snipping Tool in Windows 11, which might be worth paying attention to. The big news with this update is that Microsoft is adding a visual search feature ...

Malicious AI-made extension with ransomware capabilities sneaks on to Microsoft's official ...

A malicious extension was published on Microsoft ’s official VS Code marketplace, and was able to remain there for some time ...
The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...
Visual Studio Magazine

.NET 10 RC2 Is Final Step Before GA, with Help from Uno Platform

Microsoft announced the availability of .NET 10 Release Candidate 2 (RC2), the final prerelease version before general availability. As with RC1, the release is production-ready with a go-live support ...

Open VSX rotates tokens used in supply-chain malware attack

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted ...
TechRadar

Microsoft fixes one of its "highest ever" rated security flaws - here's what happened

CVE-2025-55315 enables HTTP request smuggling in ASP.NET Core’s Kestrel web server Attackers can bypass controls, access credentials, alter files, or crash the server Microsoft released updates for ...
The Hacker News

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Researchers uncover SleepyDuck RAT hidden in VSX extension, using Ethereum contracts to control infected hosts.
heise online

Dangerous and invisible worm found in Visual Studio Code extensions

For a few days now, a supply chain attack has been running through the Visual Studio Code marketplaces. Both Microsoft's Marketplace and the alternative Open-VSX marketplace of the Eclipse Foundation ...