Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

Windows 11's new "Dock" is an optional feature shipping via Microsoft PowerToys, and it's basically an extra bar that can sit ...

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Microsoft’s PowerToys team is contemplating building a top menu bar for Windows 11, much like Linux, macOS, or older versions ...

A secondary taskbar called the Command Palette Dock would provide quick access to PowerToys features and tools.

A Microsoft Visual Studio Code extension for Moltbot turns out to actually deliver a malware payload to unsuspecting users.

Two VSCode extensions are harvesting sensitive data and sending it to China.

Cybersecurity firm LayerX uncovers 17 malicious extensions that can enable click fraud, user tracking, and more. The most ...

Microsoft is working on several interesting features for Edge, the new Outlook for Windows, and the SharePoint Admin Center.

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.