InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

A Hacker News commenter identifying as a VS Code team member said Workspace Trust is the intended security protection against repo-based attacks. The commenter acknowledged user experience issues and ...