Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Updated on January 26, 2026

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers.
The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio…

Read the rest of the story at Read More

Source: The Hacker News

June 3, 2025 Uncategorized

Google Chrome to Distrust Two Certificat...

September 18, 2024 Uncategorized

Patch Issued for Critical VMware vCenter...

July 2, 2025 Uncategorized

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Related posts

Google Chrome to Distrust Two Certificat...

Patch Issued for Critical VMware vCenter...

Hackers Using PDFs to Impersonate Micros...

Leave a Comment Cancel reply

Recent News

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

When Cloud Outages Ripple Across the Internet

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group