Security researchers found malicious code hiding in two VSCode extensions Microsoft quickly pulled them and notifies users The developer criticized Microsoft's move, saying they were never ...

Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process.

Microsoft has removed two popular VSCode extensions, 'Material Theme - Free' and 'Material Theme Icons - Free,' from the Visual Studio Marketplace for allegedly containing malicious code.

It has been reported that an extension that distributes ransomware has been published on the Visual Studio Code Marketplace , a web store for VSCode extensions.

Developers using Microsoft’s Visual Studio Code (VSCode) editor are being warned to delete, or at least stay away from, 10 newly published extensions which will trigger the installation of a ...

Sideloaded extensions are particularly vulnerable After confirming the behavior on VSCode, OX extended their investigation to other platforms, including Visual Studio, IntelliJ IDEA, and Cursor.