"Under New Management" keeps an eye on the Chrome Web Store, looking for new developer names that show up when extensions are sold off.

This hands-on PoC shows how I got an open-source model running locally in Visual Studio Code, where the setup worked, where it broke down, and what to watch out for if you want to apply a local model ...

More fun than it should be, honestly.

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Threat actors compromised the Open VSX Registry on January 30, 2026, pushing malicious updates to four trusted VS Code extensions with over 22,000 combined downloads. The attack targeted macOS ...

The Copilot Studio extension lets developers use any VS Code-compatible AI assistant to develop AI agents, then sync with Copilot Studio for testing and iteration. Microsoft is offering a Microsoft ...

Mac users often assume they're safer than everyone else, especially when they stick to official app stores and trusted tools. That sense of security is exactly what attackers like to exploit. Security ...

VS Code snippets and keybinding-based editor.action.insertSnippet commands can replicate the core behavior of unmaintained extensions such as htmltagwrap. Different approaches -- custom extensions, ...

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are ...

A new wave of the GlassWorm malware is now targeting macOS developers by hiding malicious code inside fake Visual Studio Code extensions designed to steal cryptocurrency, credentials, and sensitive ...