Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Two VSCode extensions exfiltrated sensitive user data to Chinese servers ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined Extensions used hidden iframes, commands, and SDKs to steal ...

Chrome extensions are supposed to make your browser more useful, but they've quietly become one of the easiest ways for attackers to spy on what you do online. Security researchers recently uncovered ...

Browser extensions with more than 8 million installs are harvesting users’ complete and extended AI conversations and selling them for marketing purposes, according to data collected from the Google ...

Google has revealed its top Chrome extensions of 2025, highlighting a shift toward AI companions that sit inside your workflow. Add-ons like Monica and Sider stole the show, allowing users to chat ...

Enterprises need data, and data needs to be stored, with a flexible, portable environment that scales from developers’ laptops to global clouds. That storage also needs to be able to run on any OS and ...

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...

Microsoft updated its free MSSQL extension for Visual Studio Code with new Fabric connectivity and provisioning features in public preview, alongside GitHub Copilot slash commands and multiple ...

What would we do without the web browser? For most of us, it’s our gateway to the digital world. But browsers are such a familiar tool today that we’re in danger of giving them a free ride. In fact, ...