In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Note: Keyboard shortcuts work when the Jira My Work view is focused. /src /api # Jira API client and authentication /commands # Command handlers /providers # Tree view and webview providers /models # ...

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its ...

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Another wave of malicious browser extensions capable of tracking user activity have been found across Chrome, Firefox, and ...

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

What issue are you seeing? The vscode extension handles wrongly the situation where the workspace has multiple folders. It presents only one folder in writable_roots given to codex, apparently the ...

Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...