Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...

A Visual Studio Code extension for running accessibility audits using be-a11y. This extension allows you to analyze your project or a remote website for accessibility issues directly from VSCode.

This repository demonstrates a research prototype that implements a simple n‑gram language model for code completion in VS Code. It is not guaranteed to be stable, fast, or secure enough for ...

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...

Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like ...