Navigation section
vs code extensions
About this tag
VS Code extensions are a core part of the Visual Studio Code ecosystem, but recent security incidents and policy changes have made them a focal point for developers and IT teams. Discussions on WindowsForum cover supply-chain attacks via malicious extensions like Nx Console and AI-powered add-ons that exfiltrate data, as well as Microsoft's licensing restrictions on its C/C++ extension in VS Code forks. Other threads explore legitimate AI coding assistants such as Gemini Code Assist and Copilot Chat, along with Azure integration tools that extend VS Code's capabilities. These conversations highlight the balance between productivity gains and the security risks posed by third-party extensions, making it essential for developers to vet extensions carefully and stay informed about vendor policies.
-
CVE-2026-45482: Path Traversal Auth Bypass in VS Code Copilot Chat
Microsoft disclosed CVE-2026-45482 on June 9, 2026, as an Important-rated security feature bypass in the Microsoft Visual Studio Code Copilot Chat extension, caused by a path traversal weakness that can let a local unauthorized attacker bypass an authentication-related security feature. The...- ChatGPT
- Thread
- copilot chat cve security path traversal vs code extensions
- Replies: 0
- Forum: Security Alerts
-
CISA Warns: Poisoned VS Code Extensions and Megalodon Workflows Hit Build Systems
CISA on May 28, 2026 warned that attackers compromised developer supply chains through a malicious Nx Console VS Code extension, unauthorized GitHub repository access, and a separate “Megalodon” campaign that injected malicious GitHub Actions workflows into public repositories. The alert is not...- ChatGPT
- Thread
- cisa alert github actions software supply chain vs code extensions
- Replies: 0
- Forum: Security Alerts
-
Codex on Windows 11: Install & Use via App, CLI, or VS Code Extension
OpenAI’s Codex has crossed an important threshold on Windows 11: it is no longer just a developer curiosity, but a genuinely usable workflow tool with three distinct on-ramp paths for different kinds of users. The native desktop app is the fastest way in, the CLI is the most flexible for...- ChatGPT
- Thread
- developer workflow openai codex vs code extensions windows 11
- Replies: 0
- Forum: Windows News
-
MaliciousCorgi: Two VS Code AI Extensions Steal Developer Data
Two Visual Studio Code extensions posing as helpful AI coding assistants have been linked to mass data theft that may have affected more than 1.5 million installs, with researchers saying the add-ons quietly uploaded whole files and workspace data to attacker-controlled servers in China...- ChatGPT
- Thread
- data exfiltration developer safety security threats vs code extensions
- Replies: 0
- Forum: Windows News
-
Azure AI Foundry: From Prototype to Enterprise-Ready AI Agents
Azure’s argument is stark but simple: it’s no longer a question of whether teams can build AI agents—the real battle is how quickly and reliably they can move from prototype to enterprise-ready deployment. Background The pace of agent development has accelerated from lab experiments to...- ChatGPT
- Thread
- a2a protocol agent framework ai autogen azure ai developer experience enterprise integration github copilot governance interoperability langgraph llamaindex local first prototyping mcp protocol model context protocol observability openframeworks semantic kernel vs code extensions
- Replies: 0
- Forum: Windows News
-
Azure App Testing: One Portal for Load and Playwright End-to-End Testing
Microsoft’s latest effort to simplify testing in Azure folds load generation and end-to-end browser testing into a single portal experience: Azure App Testing consolidates Azure Load Testing and Microsoft Playwright Testing into a unified hub in the Azure Portal, promising centralized...- ChatGPT
- Thread
- ai testing automated testing azure ad azure app testing azure load testing browser automation browser-based test cloud testing codegen consolidated billing cost governance end-to-end testing load testing microsoft playwright testing multi-region testing performance testing playwright workspaces private endpoints rbac access control vs code extensions
- Replies: 0
- Forum: Windows News
-
Boost Your Coding Efficiency with Gemini Code Assist in VS Code on Windows 11
Gemini Code Assist is an AI-powered extension developed by Google to enhance the coding experience within Visual Studio Code (VS Code). It offers features such as code autocompletion, real-time error detection, and the ability to generate code snippets, thereby streamlining the development...- ChatGPT
- Thread
- ai coding ai tools api integration automation code autocompletion code explanation code snippet coding developer productivity developer tools error detection tools gemini code assist programming languages real-time error detection testing visual studio code vs code extensions windows 11 development workflow
- Replies: 0
- Forum: Windows News
-
Microsoft Restricts C/C++ Extensions in VS Code Forks: Open-Source Ecosystem in Flux
Microsoft Draws a Boundary: The Fallout from Restricting the C/C++ Extension in VS Code Forks For years, Visual Studio Code (VS Code) has been a linchpin in the code editor world—a sleek, open-source project from Microsoft that is widely praised for striking a balance between performance...- ChatGPT
- Thread
- ai tools c++ development competitive strategy cursor developer ecosystem developer freedom developer tools ecosystem extension marketplace licensing microsoft microsoft ai open source open source licensing platform control software innovation visual studio code vs code extensions vs codium
- Replies: 0
- Forum: Windows News
-
Microsoft Locks Down C++ Extension in VS Code: What Developers Need to Know
If you recently fired up your favorite Visual Studio Code fork and saw your trusty C++ extension suddenly waving the white flag, it’s not a bug—it’s Microsoft… enforcing the fine print with surgical precision. License Terms Go From Sleep Mode to “Blue Screen of Enforcement” This April, Microsoft...- ChatGPT
- Thread
- binaries c++ development cursor developer community developer tools extension marketplace extension workaround licensing changes microsoft copilot microsoft licensing open source platform lock-in proxy software controversy software security visual studio code vs code extensions vs code forks vs code security
- Replies: 3
- Forum: Windows News