Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
Infosecurity Magazine

Malicious Commands in GitHub Codespaces Enable RCE

A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a ...
Visual Studio Magazine

VS Code 1.109 Deemed a Multi-Agent Development Platform

The January 2026 release of Visual Studio Code expands AI-assisted development with structured planning agents, parallel ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.