InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
Visual Studio Magazine

VS Code Expands AI Flexibility with Bring Your Own Key

Microsoft expanded model choice in VS Code with Bring Your Own Key (BYOK), enabling developers to connect models from any provider and manage them through a new extensible API.
The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.

Developers, Meet the Future: How Gemini CLI Extensions Are Changing the Game

Explore the innovative Gemini CLI extensions that bring flexibility, customization, and AI-driven solutions to web ...
CSO Online

Threat actors are spreading malicious extensions via VS marketplaces

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...
Techzine Europe

Invisible malware spreads via VS Code extensions

A new cyber threat is affecting developers worldwide who work with Visual Studio Code. Researchers at Koi Security have ...

The October 2025 update for Visual Studio 2022 (17.14) is now available0 0

Microsoft has released the October 2025 update for Visual Studio 2022 (17.14). Read on to learn everything new in this update ...
Visual Studio Magazine

GitHub Introduces Agent HQ to Orchestrate 'Any Agent Any Way You Work'

GitHub unveiled Agent HQ at its Universe 2025 event, a new platform that lets developers orchestrate multiple AI agents ...