CSO Online

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
Dark Reading

Python-Based Malware Slithers Into Systems via Legit VS Code

A known Chinese advanced persistent threat (APT) group known as Mustang Panda is the likely culprit behind a sophisticated, ongoing cyber-espionage campaign. It starts with a malicious email, and ...
Visual Studio Magazine

VS Code 1.107 (November 2025 Update) Expands Multi-Agent Orchestration, Model Management

The latest monthly update to Visual Studio Code, version 1.107 (the November 2025 release), continues Microsoft's focus on AI-assisted workflows with expanded multi-agent orchestration across local, ...
Infosecurity-magazine.com

Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

A Hacker News commenter identifying as a VS Code team member said Workspace Trust is the intended security protection against repo-based attacks. The commenter acknowledged user experience issues and ...