Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

Do you have one of these 17 browser extensions? They could be tracking your browsing history.

Cybersecurity researchers identified malware-infected browser extensions on Chrome, Firefox, and Edge browsers.
GitHub

Language Server for Kotlin

The project is in an experimental, pre-alpha, exploratory phase with the intention to be productionized. We move fast, break things, and explore various aspects of the seamless developer experience ...
WinBuzzer

Microsoft Open-Sources Quantum Dev Tools for Chemistry

Microsoft has released open-source Quantum Development Kit tools for chemistry and error correction, with VS Code integration ...
Visual Studio Magazine

Buzz About VS Code Extension for Codebase Visualization

A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its ...
Visual Studio Magazine

Microsoft Expands Quantum Development Kit with New Open-Source Tools, VS Code Integration

Microsoft released new open‑source quantum development tools that deepen VS Code and Copilot integration while targeting real ...
The Hacker News

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...
The Hacker News

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials, browser data, and ...
IEEE

CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions

Abstract: Scripting languages like Python or JavaScript are extremely popular among developers, in part due to their massive open-source ecosystems that enable smooth code reuse. However, recent work ...