Team wins praise for adding 'disable all AI features' setting for devs who want a code editor to be only a code editor ...

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Preview of new companion app allows developers to run multiple agent sessions in parallel across multiple repos and iterate on human and agent reviews. Visual Studio Code 1.115, the latest release of ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

VS Code 1.118 adds remote Copilot control, enterprise AI restrictions, and smarter caching while improving developer ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Microsoft is making Visual Studio more agentic. New tools handle remote coding tasks and analyze live app behavior to find ...

Visual Studio Code Agents ships with VS Code Insiders, launches separately from the editor, and starts with its own sign-in, workspace selection, trust, and approval flow. In a real editorial ...

VS Code 1.115 introduced a preview Agents app in VS Code Insiders. VS Code 1.116 added persistent debug logs for current and past agent sessions. Both releases expanded how agents work with terminals, ...