Dark Reading

Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover

Security researchers are warning about a bug in Microsoft Visual Studio installer that gives cyberattackers a way to create and distribute malicious extensions to application developers, under the ...
Bleeping Computer

'WhiteCobra' floods VSCode market with crypto-stealing extensions

A threat actor named WhiteCobra has been targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ...