Trending Now RSS

Visual Studio Code

More context

A growing security story is focused on a poisoned VS Code extension that enabled a hacker group to compromise roughly 3,800 internal GitHub repositories and exfiltrate source code. Separately, some coverage highlights a new Microsoft weekly VS Code update aimed at reducing user “friction,” plus a discussion recommending alternative editors.

ContextTom's HardwareThe RegisterView all sources →

Also known as vs code·vscodium·code - oss·vs code extension·vs code insider

1.6 Activity score up · 2d
4.0 Peak score 3d window
Mixed Sentiment
5 Sources · 5 signals
Last updated · next ~12:00
3d First on radar
My favorite alternative to VS Code isn’t Cursor or Claude Code: it’s something way cooler and productive · 1 new in last hour ·
Key Takeaway Treat VS Code extensions as a serious supply-chain risk: a poisoned extension enabled large-scale GitHub repository compromise and exfiltration.
AI summary · grounded in cited sources
SourcesTom's HardwareThe RegisterView all sources →
malicious extension attack GitHub repo exfiltration VS Code update improvements editor alternatives vs code
Mixed 40/100
Themes
malicious extension attackGitHub repo exfiltration
+2 adjacent themes
VS Code update improvementseditor alternatives
AI Brief

Treat VS Code extensions as a serious supply-chain risk: a poisoned extension enabled large-scale GitHub repository compromise and exfiltration.

A growing security story is focused on a poisoned VS Code extension that enabled a hacker group to compromise roughly 3,800 internal GitHub repositories and exfiltrate source code. Separately, some coverage highlights a new Microsoft weekly VS Code update aimed at reducing user “friction,” plus a discussion recommending alternative editors.

Trending Activity ▼ -1.6 24h
Trend score · left axis Sentiment score · right axis

Live Wire

Top 2 signals · Treat VS Code extensions as a serious supply-chain risk: a
The Register · 2d ago
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
r/netsec · 1d ago
GitHub ~3,800 internal repos compromised through a malicious VS Code extension

Broader Visual Studio Code coverage

Other Visual Studio Code activity — not part of the “Treat VS Code extensions as a serious supply-chain risk: a” story
Neowin · 1d ago
Microsoft just removed major "friction" from VS Code in its latest weekly update
XDA-Developers · 14m ago
My favorite alternative to VS Code isn’t Cursor or Claude Code: it’s something way cooler and productive

Briefing Findings · Treat VS Code extensions as a serious supply-chain risk: a

Story-specific findings extracted from this briefing's coverage. Fast Facts in the sidebar holds the canonical reference data (CEO, founded, ticker).

scope of compromise ~3,800 internal GitHub repos
attack method poisoned/malicious VS Code extension
exfiltration outcome internal repos exfiltrated

What to Watch

  • Monitor reports from GitHub on any follow-up details about affected internal repos from the extension attack. The Register
  • Watch for additional coverage of the specific extension used and recommended cleanup steps in ongoing security threads. Tom's Hardware

What Changed

  • GitHub ~3,800 internal repos compromised through a malicious VS Code extension Tom's Hardware
  • Hacker group hits 3,800 internal GitHub repositories via poisoned developer plugin — TeamPCP claims source code theft and attempts $50,000 sale, employee installed malicious VS Code extension Tom's Hardware
  • GitHub says internal repos exfiltrated after poisoned VS Code extension attack The Register
Source-backed brief 2 articles across 2 publications · brief is source backed Show all sources
r/netsec · 1 article
The Register · 1 article
Broader Visual Studio Code coverage · not part of the Treat VS Code extensions as a serious supply-chain risk: a story
Neowin · 1 article
XDA-Developers · 1 article

Latest from across the web

External coverage we have crawled and indexed for this topic.

View all 6 signals →
guru3d.com

Malicious VS Code Extension Linked to Theft of 3,800 GitHub Repositories

A reported software supply chain attack involving a malicious Visual Studio Code extension has exposed the growing security risks surrounding modern development environments.

1d ago Hilbert Hagedoorn
neowin.net

Microsoft just removed major "friction" from VS Code in its latest weekly update

If you are tired of installing endless extensions just to view basic projects, Microsoft's new built-in tools for Visual Studio Code are going to completely change your workflow.

21h ago Paul Hill

What each outlet is saying

Source-by-source view of what publications and communities are surfacing right now.

Discovery

Videos

Topic-matched media from the channels we track
Cursor ditches VS Code, but not everyone is happy... Fireship
Share & embed Quotables, social share, embed snippet

Share

Twitter Reddit

Quotables · click to copy

Verbatim claims you can cite from the briefing. Each quote is sourced from indexed coverage — paste into your own writing or social.

Embed widget

<script src="https://ttek2.com/embed/pulse/visual-studio-code" async></script>