The Hacker News

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
GitHub

The Official IDL Extension for Visual Studio Code

First version of a web extension allowing you to view IDL code and notebooks directly in the browser — lightweight for now, but a step toward full desktop/browser parity See the changelog for full ...
Visual Studio Magazine

Microsoft Launches Azure Skills Plugin to Give AI Coding Agents Real Azure Expertise

Microsoft's new Azure Skills Plugin bundles curated Azure skills, the Azure MCP Server, and the Foundry MCP Server into a single install that gives AI coding agents both the expertise and execution ...
ADTmag

Visual Studio Code Moves to Weekly Releases Starting with Version 1.111

Microsoft’s Visual Studio Code development environment will move from monthly updates to a weekly release schedule, beginning with version 1.111, according to the development team.
GitHub

Semgrep Visual Studio Code extension

Semgrep is a fast, static analysis tool powered by an open-source engine for finding bugs, detecting vulnerabilities, and enforcing code standards. Semgrep Visual Studio Code extension scans lines ...
Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...