Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

「Visual Studio Code」の開発環境において広く利用されている拡張機能「Live Server」に情報漏洩の脆弱性が明らかとなった。2025年8月に開発者へ報告されたが、その後も未修正の状態が続いているという。 「Live Server」は、ローカルでHTTPサーバを起動し、ファイル変更時にブラウザを自動更新する「Visual Studio Code」向けの拡張機能。

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain ...

Visual Studio Code 1.110 (February 2026) adds new agent extensibility, browser-driving chat tools, and expanded chat accessibility.

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...

It's more than just a code editor.

For most of us, Visual Studio Code is a text editor, a place to write code, preview Markdown, or maybe debug a script or two. But that perception barely scratches the surface. Over the last few years, ...