Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Visual Studio Code 1.109 introduces enhancements for providing agents with more skills and context and managing multiple ...

The January 2026 update to VS Code (v1.109) transforms the editor into a multi-agent orchestration hub, allowing developers ...

A proof of concept shows how multi-agent orchestration in Visual Studio Code 1.109 can turn a fragile, one-pass AI workflow into a more reliable, auditable process by breaking long tasks into smaller, ...

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Today is Microsoft' 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly ...

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack targeting macOS users, where ...

First malicious Outlook add-in abused an abandoned domain to host a fake Microsoft login page, stealing 4,000+ credentials in ...

Using GitHub Copilot is now easier, and AI agents can visually represent progress and use skills.

Microsoft has patched six exploited zero-days in February 2026 Patch Tuesday, addressing 58 vulnerabilities and triggering urgent enterprise remediation.

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.