Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Those project files you deleted might not actually be deleted.

A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its ...

GlassWorm malware is expanding to open source platforms, targeting macOS users with infostealers.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace Trust model as the primary safeguard against repo-based malware -- while ...

Versions installed via Snap don't delete files when users empty system trash Linux users who installed Microsoft's Visual Studio Code as a Snap package may want to check to see whether files they sent ...

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...

Quantum computing has attracted attention for years, but for most developers it has felt distant and impractical. By making its development kit open source and integrating it with widely used tools ...

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack targeting macOS users, where ...

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.