A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

Updates to GitHub Copilot in VS Code provide the same C++ symbol context and CMake build configuration awareness as Microsoft’s C/C++ DevTools and CMake Tools extensions.

Extension that converts individual Java files to Kotlin code aims to ease the transition to Kotlin for Java developers.

I don’t use a massive IDE. These three lightweight tools handle writing, version control, and validation on every HTML ...

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain ...

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Stop using standard VS Code ...

First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page, stealing 4,000+ credentials in a supply chain attack.

Google updated its JavaScript SEO documentation for the third time this week, this time to say that "while pages with a 200 HTTP status code are sent to rendering, this might not be the case for pages ...

Microsoft is previewing a new AI-assisted tool for Visual Studio Code Insiders called the JavaScript/TypeScript Modernizer. It's designed to help developers modernize older JavaScript or TypeScript ...

In December 2025, the GlassWorm supply chain malware campaign emerged again, affecting both the Microsoft Visual Studio Marketplace and Open VSX platforms. This episode involved 24 extensions posing ...