Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.
GitHub

McCReuben/SQL-Runner-VSCode-Extension-

Execute SQL queries directly from VS Code with Cmd+Enter (Mac) or Ctrl+Enter (Windows/Linux). View results in a beautiful table interface with export capabilities.
GitHub

Exasol Extension for Visual Studio Code

A Visual Studio Code extension for working with Exasol databases. Provides comprehensive database management, intelligent SQL editing, and powerful query execution capabilities. ⚠️ Note: this ...
Bleeping Computer

VSCode IDE forks expose users to "recommended extension" attacks

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing ...
InfoQ

Cloudflare Introduces Aggregations in R2 SQL for Data Analytics

Cloudflare recently announced support for aggregations in R2 SQL, a new feature that lets developers run SQL queries on data stored in R2. This enhancement expands R2 SQL beyond basic filtering and ...
XDA Developers on MSN

4 VS Code forks built for specific tasks

The classic VS Code is great and all, but these specialized forks are better for certain programming tasks ...
The Hacker News

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Weekly cybersecurity recap covering emerging threats, fast-moving attacks, critical flaws, and key security developments you need to track this week.
The Hacker News

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials, browser data, and ...