Latest weekly update supports previewing videos in the image carousel, adds a Copy Final Response command to the chat context ...

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

The Python extension now supports multi-project workspaces, where each Python project within a workspace gets its own test tree and Python environment. This document explains how multi-project testing ...

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...

Security researchers revealed two malicious VS Code extensions exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million developers to servers in China while masquerading as AI ...

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access ...

A new VS Code extension called Nogic visualizes codebases as interactive graphs and drew strong interest on Hacker News. Commenters praised the concept for understanding large or unfamiliar codebases, ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, ...

Careless developers publishing Visual Studio extensions to two open marketplaces have been including access tokens and other secrets that can be exploited by threat actors, a security vendor has found ...

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...