The AI coding war has intensified.

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

Try these extensions and you'll wonder how you ever lived without them!

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

Microsoft has embedded GitHub Copilot as a default VS Code extension in version 1.116, adding agent debug logging, terminal ...

The Java ecosystem has historically been blessed with great IDEs to work with, including NetBeans, Eclipse and IntelliJ from JetBrains. However, in recent years Microsoft's Visual Studio Code editor ...

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading ...

VS Code Extensions have transformed the code editor into a productivity powerhouse. GitHub Copilot enables AI-powered autocomplete, multi-line code generation, and context-aware suggestions, helping ...

Microsoft is speeding up the delivery of its Visual Studio Code updates. Since last summer, the company has been making monthly releases, each with three or four patches and new functionality, but ...

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...