Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
CSO Online

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...
The Hacker News

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...
The Hacker News

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials, browser data, and ...
GitHub

Visual Studio Code PDF Viewer

This extension runs the latest pdf.js underneath. A demo of their editor (hence ours) can be found here. Most extensions currently in the marketplace have problems too deep to fix. These problems ...
Visual Studio Magazine

Hands On with Copilot Vision: VS Code's Head Start and How the IDE Is Catching Up

AI space! GitHub Copilot's vision and image-based features arrived first in VS Code in February 2025 and have since become ...
InfoWorld

Why ‘boring’ VS Code keeps winning

Meanwhile, the model layer keeps whiplashing. First, everyone used ChatGPT. Then Gemini was catching up. Now, it seems Claude ...
Visual Studio Magazine

AI Faceoff: Customized VS Code Commands

VS Code snippets and keybinding-based editor.action.insertSnippet commands can replicate the core behavior of unmaintained extensions such as htmltagwrap. Different approaches -- custom extensions, ...
GitHub

VS Code MCP Server

A Visual Studio Code extension (available on the Marketplace) that allows Claude and other MCP clients to code directly in VS Code! Inspired by Serena, but using VS Code's built-in capabilities.