VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.

Compromised npm packages targeted Red Hat cloud services, enabling credential theft and expanding supply chain risks.

About three years ago Microsoft released a new source code editor for Windows, Linux, and macOS. This was named Visual Studio Code. It is way lighter IDE than various editions of the legendary Visual ...

VS Code 1.120 brings the Agents window to Stable preview. The new window opens from a title-bar button. Agent customizations include Agents, Skills, Instructions, Hooks, MCP Servers and Plugins. It ...

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.

VS Code 1.121 was released May 20, 2026, featuring yet another update to Claude Code, becoming more and more a first-class citizen in the VS Code ecosystem. Remote agents can run over SSH or dev ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of GitHub's internal source code repositories — everythi ...

Developers using open-source tools face heightened supply-chain risk after the botnet lost all four of its command channels.

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

GitHub has confirmed a breach involving roughly 3,800 internal repositories after an employee device was compromised through a malicious VS Code extension. The TeamPCP hacker group claims it stole ...

Security researchers found malicious code buried inside more than 30 of Red Hat's official software packages, built to ...