Visual Studio Code 1.109 introduces enhancements for providing agents with more skills and context and managing multiple ...

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...

Those project files you deleted might not actually be deleted.

A fake VS Code extension posing as a Moltbot AI assistant installed ScreenConnect malware, giving attackers persistent remote ...

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...

Microsoft has made its development tool XAML Studio open source, eight years after its initial release. Version 2.0 is next, and some new features are planned, which interested parties can already try ...

Microsoft has released Visual Studio Code version 1.107 (November 2025) to the general public. A major theme for this release is the enhancement of agents, introducing multi-agent orchestration and ...

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...

You start by getting the official installer from the Visual Studio Code website. Open your preferred browser on Windows. Go to the Visual Studio Code download page ...