Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...

Socket notified Open VSX operators Eclipse Foundation of their findings, and the platform revoked tokens and removed the malicious releases. This doesn’t mean everyone is safe, though. Users who ...

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

The classic VS Code is great and all, but these specialized forks are better for certain programming tasks ...

The latest enhancements to our platform empower organizations to stop third-party risk from ever entering their software code, providing them with a prevention-first approach.” Package Firewall, ...

Visual Studio Code is a free code editor from Microsoft, based on open source. It’s highly customizable with tens of thousands of themes and extensions, including those for working with any ...

Microsoft has released Visual Studio Code version 1.107 (November 2025) to the general public. A major theme for this release is the enhancement of agents, introducing multi-agent orchestration and ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...