Coding, transcription, and other productivity tools proved the most invasive, though several other categories are worth watching as well.

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace Trust model as the primary safeguard against repo-based malware -- while ...

Choose from auto-detected languages Edit in a new tab with syntax highlighting Press Ctrl+S to save and sync back Note: Language detection is built into the extension and cannot be customized by users ...

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual ...

So, you’re building a web app and trying to figure out if React or Vue.js is the way to go in 2026. It’s a big decision, and honestly, it can feel a bit overwhelming with all the options out there.