Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
Visual Studio Magazine

Hands On: Testing Cursor, Windsurf and VS Code on Text-to-Website Generation

A hands-on comparison shows how Cursor, Windsurf, and Visual Studio Code approach text-to-website generation differently once ...
Dark Reading

DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to ...
How-To Geek on MSN

5 VS Code alternatives optimized for specific jobs

Not everything has to be one size fits all; some forks are better for specific projects than others.
GitHub

bethington/cheat-engine-server-python

This server operates in READ-ONLY mode for safety. It can read and analyze memory but cannot modify it. All operations are logged for security auditing.
GitHub

VS Code MCP Server

A Visual Studio Code extension (available on the Marketplace) that allows Claude and other MCP clients to code directly in VS Code! Inspired by Serena, but using VS Code's built-in capabilities.