For a few days now, a supply chain attack has been running through the Visual Studio Code marketplaces. Both Microsoft's Marketplace and the alternative Open-VSX marketplace of the Eclipse Foundation ...

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...

Microsoft's text editor 'Visual Studio Code' has an extension marketplace, where users can easily install various extensions. A Reddit post pointed out that only Microsoft extensions can use special ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.