SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
WinBuzzer

Malicious VS Code Extensions Steal Code from 1.5M Developers

Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...
Dark Reading

Leaks in Microsoft VS Code Marketplace Put Supply Chain at Risk

Organizations have accidentally exposed secrets across Microsoft Visual Studio Code (VS Code) marketplaces, posing significant risks not just to the organizations themselves but also to the greater ...