Latest VS Code news

Open a project folder in VS Code, click "Trust," and North Korean malware executes instantly. Sophos documents how NICKEL ALLEY weaponised tasks.json to target crypto and Web3 developers through fake job interviews. The technique has been active since December 2025.

A supply-chain operation planted 72 malicious VS Code extensions on Open VSX using transitive dependencies that bypass initial review. The same GlassWorm threat actor injected Unicode payloads into 151 GitHub repos with LLM-generated cover commits.

ERNW found a critical prompt injection flaw in Blackbox AI's VS Code extension (4.8M installs). A hidden prompt in an image gave the attacker full root access to the system.