The Hacker News

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.
GitHub

Drswith/vscode-json-string-code-editor

Choose from auto-detected languages Edit in a new tab with syntax highlighting Press Ctrl+S to save and sync back Note: Language detection is built into the extension and cannot be customized by users ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...