The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Microsoft's new Azure Skills Plugin bundles curated Azure skills, the Azure MCP Server, and the Foundry MCP Server into a single install that gives AI coding agents both the expertise and execution ...

These heroes of open source software are hard at work behind the scenes without you even realizing it.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

Microsoft’s Visual Studio Code development environment will move from monthly updates to a weekly release schedule, beginning with version 1.111, according to the development team.

Latest VS Code update introduces prepackaged bundles of chat customizations that can include skills, commands, agents, MCP ...

Visual Studio Code 1.110 (February 2026) adds new agent extensibility, browser-driving chat tools, and expanded chat accessibility.

You can create a release to package software, along with release notes and links to binary files, for other people to use. Learn more about releases in our docs.