SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
GitHub

Drswith/vscode-json-string-code-editor

Choose from auto-detected languages Edit in a new tab with syntax highlighting Press Ctrl+S to save and sync back Note: Language detection is built into the extension and cannot be customized by users ...
Bleeping Computer

Malicious AI extensions on VSCode Marketplace steal developer data

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...
GitHub

VSCode N-Gram Code Suggester

This repository demonstrates a research prototype that implements a simple n‑gram language model for code completion in VS Code. It is not guaranteed to be stable, fast, or secure enough for ...