Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Microsoft is speeding up the delivery of its Visual Studio Code updates. Since last summer, the company has been making ...

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain ...

VS Code keeps adding new features as time goes on, and if you weren't careful, you likely missed things like sticky scroll, zen mode, and more.

You also get to escape Microsoft telemetry tracking too.

Five malicious Rust crates and an AI bot exploited CI/CD pipelines and GitHub Actions in Feb 2026, stealing developer secrets ...

VS Code 1.111 Autopilot is not just a no-prompts mode. In testing, it handled a blocking question that still stopped Bypass.

Threading the halls with Robert Schneider between classes is not a linear experience. Neither is conversation. Waysides, ...

Microsoft's new Azure Skills Plugin bundles curated Azure skills, the Azure MCP Server, and the Foundry MCP Server into a single install that gives AI coding agents both the expertise and execution ...

With editorial contributions from Christian Blauvelt, Bill Desowitz, Kate Erbland, David Ehrlich, Jim Hemphill, Marcus Jones, ...

With zero coding skills, I was able to quickly assemble camera feeds from around the world into a single view. Here's how I did it, and why it's both promising and terrifying for all of us.

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...