Dark Reading

'Ransomvibing' Infests Visual Studio Extension Market

A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.
Cryptopolitan on MSN

3 VS Code extensions stealing credentials for GitHub, VSX, and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...
The Hacker News

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code ...
Visual Studio Magazine

Microsoft Details How 'Agents Took Over VS Code in 2025'

Microsoft's unified agent experience in VS Code consolidates Copilot, Codex, and custom agents, introducing Agent Sessions, a ...
Visual Studio Magazine

Custom Agents Lead Microsoft AI Roadmap for Visual Studio

Microsoft's November Visual Studio roadmap outlines in-progress work on multi-agent support, enhanced chat and planning, MCP ...

Malicious AI-made extension with ransomware capabilities sneaks on to Microsoft's official VS Code marketplace - so devs beware

A malicious extension was published on Microsoft’s official VS Code marketplace, and was able to remain there for some time gathering downloads and infecting people’s computers.