A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...

A set of ten VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero. Microsoft VSCode is a ...

A recent investigation by security researchers has revealed a troubling surge in malicious campaigns exploiting popular development tools, including VSCode extensions and npm packages. These campaigns ...

Forbes contributors publish independent expert analyses and insights. Lars Daniel covers digital evidence and forensics in life and law. Recent reports have uncovered a series of malicious extensions ...

Reversing Labs and Assaraf discover campaign targeting software and web3 devs Multiple packages were hiding weaponized code that deploys stage-two malware The malicious intent was very difficult to ...

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...

A free diagnostic tool called ' VSCan ' has been released that checks the code of extensions released for Visual Studio Code (VScode) and checks for security issues. Enter the extension's name or ID ...

Careless developers publishing Visual Studio extensions to two open marketplaces have been including access tokens and other secrets that can be exploited by threat actors, a security vendor has found ...