「Visual Studio Code」の開発環境において広く利用されている拡張機能「Live Server」に情報漏洩の脆弱性が明らかとなった。2025年8月に開発者へ報告されたが、その後も未修正の状態が続いているという。 「Live Server」は、ローカルでHTTPサーバを起動し、ファイル変更時にブラウザを自動更新する「Visual Studio Code」向けの拡張機能。

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain ...

Visual Studio Code 1.110 (February 2026) adds new agent extensibility, browser-driving chat tools, and expanded chat accessibility.

Security researchers have discovered three serious vulnerabilities in four popular VS Code extensions, which have been downloaded more than 120 million ...

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...

AI-first editors and agent-driven tooling intensify competition in the IDE market The Open VSX registry, used for installing extensions in editors compatible with Visual Studio Code (VS Code), will ...

With "vibe coding" taking over software development with AI-driven programming and other advanced functionality, you would think the Visual Studio Code Marketplace would be flooded with new extensions ...

Earlier today, we covered the incident of Microsoft Defender flagging the Winring0 driver inside PC monitoring and fan control apps as malicious. Although at first glance it may seem like an obvious ...

It's more than just a code editor.

Organizations have accidentally exposed secrets across Microsoft Visual Studio Code (VS Code) marketplaces, posing significant risks not just to the organizations themselves but also to the greater ...