BlackBox AI, a popular VS Code coding assistant, has a critical indirect prompt injection vulnerability. Hackers can exploit this to gain remote root access to a user’s computer.

The Codex app for Windows already has over 500,000 developers in waitlist. Here's everything you need to know.

The Python extension now supports multi-project workspaces, where each Python project within a workspace gets its own test tree and Python environment. This document explains how multi-project testing ...

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...

Security researchers revealed two malicious VS Code extensions exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million developers to servers in China while masquerading as AI ...

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...

A Visual Studio Code extension for ty, an extremely fast Python type checker and language server, written in Rust. The extension ships with ty==0.0.12. Once installed in Visual Studio Code, ty will ...

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users ...

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The ...

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...