{"id":215135,"date":"2026-02-18T07:30:00","date_gmt":"2026-02-18T12:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/flaws-in-four-popular-vs-code-extensions-left-128-million-installs-open-to-attack\/"},"modified":"2026-02-19T02:05:14","modified_gmt":"2026-02-19T07:05:14","slug":"flaws-in-four-popular-vs-code-extensions-left-128-million-installs-open-to-attack","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/flaws-in-four-popular-vs-code-extensions-left-128-million-installs-open-to-attack\/","title":{"rendered":"Flaws in four popular VS Code extensions left 128 million installs open to attack"},"content":{"rendered":"

Flaws in four popular VS Code extensions left 128 million installs open to attack<\/a><\/p>\n

https:\/\/www.csoonline.com\/article\/4133800\/flaws-in-four-popular-vs-code-extensions-left-128-million-installs-open-to-attack.html<\/a><\/p>\n

Publish Date: 2026-02-18 07:30:00<\/a><\/p>\n

Source Domain: www.csoonline.com<\/a><\/p>\n

VS Code extensions are add-ons that expand the functionality of Microsoft\u2019s widely used code editor, adding capabilities such as language support, debugging tools, live preview, and code execution. They run with broad access to local files, terminals, and network resources, which is what made these vulnerabilities consequential.<\/p>\n

Unlike the rogue extensions that threat actors have repeatedly planted in the VS Code marketplace, these flaws resided in legitimate, widely installed tools, meaning developers had no reason to suspect them, OX Security said in an advisory.<\/p>\n

\u201cOur research demonstrates that a hacker needs only one malicious extension, or a single vulnerability within one extension, to perform lateral movement and compromise entire organizations,\u201d the advisory added.<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Flaws in four popular VS Code extensions left 128 million installs open to attack https:\/\/www.csoonline.com\/article\/4133800\/flaws-in-four-popular-vs-code-extensions-left-128-million-installs-open-to-attack.html…<\/p>\n","protected":false},"author":1,"featured_media":215136,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.csoonline.com\/wp-content\/uploads\/2026\/02\/4133800-0-43249100-1771417822-shutterstock_2324952281.jpg?quality=50&strip=all&w=1024","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[35,27],"class_list":["post-215135","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-hacker","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215135"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215135"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215135\/revisions"}],"predecessor-version":[{"id":215137,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215135\/revisions\/215137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215136"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}