Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Userware公司于1月27日发布了OpenSilver 3.3版本，这是一个用于使用C#和XAML构建跨平台应用的开源框架的更新版本。OpenSilver 3.3的核心创新是让用于网页开发的Blazor组件可以直接在XAML应用内部运行，大大简化了这些组件的集成过程。

Discover the leading AI code review tools reshaping DevOps practices in 2026, enhancing code quality, security, and team productivity with automated solutions.

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

网络安全研究人员发现两款伪装成AI编程助手的恶意VS Code插件，总安装量达150万次。这些插件分别是"ChatGPT-中文版"和"ChatGPT-ChatMoss"，功能正常但暗中将用户打开的文件和源代码修改发送至中国服务器。插件还内置实时监控功能，可远程触发窃取工作区文件，并通过隐藏框架加载四个中国数据分析SDK进行设备指纹识别。

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

As part of the infamous Contagious Interview campaign, North Korean threat actors were seen abusing legitimate Microsoft Visual Studio Code in their attacks.

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

Microsoft is previewing a new AI-assisted tool for Visual Studio Code Insiders called the JavaScript/TypeScript Modernizer. It's designed to help developers modernize older JavaScript or TypeScript ...