Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.
GitHub

An experimental project using LLM technology to generate security documentation for Open Source Software (OSS) projects.

sec-docs is organized by programming language, with folders for each major OSS project. Each project contains subfolders with detailed analyses performed at a specific date using a certain LLM model.

Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
GitHub

Language Server for Kotlin

The project is in an experimental, pre-alpha, exploratory phase with the intention to be productionized. We move fast, break things, and explore various aspects of the seamless developer experience ...

If You've Installed Any of These 17 Browser Extensions, Delete Them Now

Another wave of malicious browser extensions capable of tracking user activity have been found across Chrome, Firefox, and ...
Visual Studio Magazine

Buzz About VS Code Extension for Codebase Visualization

A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its ...
Visual Studio Magazine

Copilot Studio Extension for VS Code Goes GA

Microsoft has released the Copilot Studio extension for Visual Studio Code to general availability, enabling teams to build, ...