Microsoft expanded model choice in VS Code with Bring Your Own Key (BYOK), enabling developers to connect models from any provider and manage them through a new extensible API.

A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace ...

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...

Microsoft has introduced a new AI-powered capability called Planning in Visual Studio, now available in public preview as part of Visual Studio 2022 version 17.14. The feature extends GitHub Copilot's ...

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated ...

AI agents have become popular as they link consumers with brands, but some execs and developers are concerned that an open ...

AI agents have become popular as they link consumers with brands, but some execs and developers are concerned that an open ecosystem for these tools could expose client secrets.

The leak has now been fixed. According to the Open VSX team, the incident has been fully contained and closed since October ...

October 2025 update makes the Claude Sonnet 4.5 and Claude Haiku 4.5 coding models available for use in the GitHub Copilot ...

Microsoft has released the October 2025 update for Visual Studio 2022 (17.14). Read on to learn everything new in this update ...