Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace Trust model as the primary safeguard against repo-based malware -- while ...
The Hacker News

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

New GlassWorm attack targets macOS via compromised OpenVSX extensions

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.
The Hacker News

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS, crypto, and developer ...
SecurityWeek

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.
WinBuzzer

Malicious VS Code Extensions Steal Code from 1.5M Developers

Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...
GitHub

Actionforge VS Code Extension

Welcome to the source code of the Actionforge VS Code Extension Actionforge supercharges your GitHub Actions workflow experience in VS Code. Designed for time saving, this extension integrates ...