Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
Visual Studio Magazine

VS Code 1.113 Bundles Agent, Chat and Editor Tweaks as Dev Team Settles into Weekly Releases

Microsoft's VS Code 1.113 release packages a range of smaller updates across agent experience, chat experience, and editor experience, arriving as the company shifts the editor to a weekly release ...
CSO Online

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
Visual Studio Magazine

TypeScript 6.0 Ships as Final JavaScript-Based Release, Clears Path for Go-Native 7.0

Microsoft released TypeScript 6.0 on March 23, the last version built on the original JavaScript codebase, with three post-RC changes and a wave of deprecations designed to ready codebases for the ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
Make Tech Easier

Use Pake to Turn Websites Into Desktop Apps — No Bloat, No Browser Dependency

Turn any website into a desktop app with Pake. Create fast, lightweight apps without browser dependency or bloat.
PCMag on MSN

Vibe Coding 101: How to Build Apps and More With AI

Have an app you've always wanted to build? A humdrum task to automate? AI tools make it easier than ever, but they can be as ...