#VsCode

2026-02-16

Jak można było kraść pliki serwowane na localhost? Podatność XSS we wtyczce Live Preview (VSCode) sekurak.pl/jak-mozna-bylo-kras #Aktualnoci #Wbiegu #Podatno #Vscode #Wtyczki #XSS

2026-02-16

Jak można było kraść pliki serwowane na localhost? Podatność XSS we wtyczce Live Preview (VSCode)

Badacze z OX Research odkryli podatność w rozszerzeniu Live Preview do Visual Studio Code. Pozwala ona złośliwym stronom internetowym ominąć zabezpieczenia i uzyskać dostęp do kodu źródłowego projektu, a także plików konfiguracyjnych (w folderze, w którym użytkownik uruchomił wtyczkę). Atakujący są w stanie zdalnie wykraść poświadczenia, klucze dostępu oraz inne...

#Aktualności #WBiegu #Podatność #Vscode #Wtyczki #XSS

sekurak.pl/jak-mozna-bylo-kras

2026-02-15

💻 #code-server runs #VSCode in your browser on any machine anywhere #IDE #opensource #developer #vscode

⚡ Code on any device with consistent development environment - tablets, phones, or any browser

🚀 Use cloud servers to speed up tests, compilations & downloads with better hardware resources

🔋 Preserve battery life on mobile devices - all intensive computational tasks run on remote server

🌐 Access your full development environment from anywhere with just an internet connection

🧵 👇

2026-02-14

Ok. Wow. Ich hab gerade mit der kostenlosen Variante von #Perplexity einen Prompt für #ClaudeCode erzeugen lassen. Diesen habe ich quer gelesen und dann so in Claude Code in #VSCode gegeben. Der Agent lief ca. 20-30 Minuten. 29 geänderte bzw. hinzugefügte Dateien.
Das ganze hat mich mit #Opus46 10€ gekostet. 💸😮
Aber es funktioniert. Tadellos. 🦾 #vibecoding

2026-02-13

Okokok. Dank eines Referrer Codes kann ich 7 Tage #ClaudeCode ausprobieren. Mit #VSCode Plugin ist das quasi wie #antigravity 🤯.
Hab heute einen #OpenClaw Skill für #Joplin damit entwickelt. Und bin dabei die Android-Entwicklung auszuprobieren.
Game-Changer. 😳

2026-02-13

#DearDiary, today I diagnosed an issue, fixed it, and submitted a PR for somebody else's #code for a #vscode extension, because I wanted to use that extension to work on my own project but couldn't without the #bugfix. Now the extension works (on my machine) and I can get back to shaving this yak.

#tech #technology #devops #development #developer #devjournal #git #yakshaving

2026-02-13

VS Code extensions + Intune = secure, automated dev tooling. 💡 Deploy safely, reduce risk, improve DX. Watch @sassdawe.bsky.social@bsky.brid.gy & @bjompen.com@bsky.brid.gy at #PSConfEU2025 👇 🎟️ Join us next year in Wiesbaden → psconf.eu #PowerShell #PSConfEU2026 #VSCode #Intune

- YouTube

[Show GN: Agents Skills를 Github gist 기반으로 동기화 하는 도구

GitHub Gist 기반으로 Agent Skills를 동기화하는 도구인 Show GN: Agents Skills가 개발되었습니다. 이 도구는 로컬 Agent Skills 상태를 private GitHub Gist에 백업 및 동기화할 수 있으며, pull, push, merge, auto 4가지 동기화 모드를 지원합니다. 또한, --dry-run 및 --json 옵션을 통해 적용 전 검증이 가능하며, auth 명령어를 통해 토큰 및 동기화 상태를 관리할 수 있습니다.

news.hada.io/topic?id=26636

#github #agent #skills #vscode #cli

Lifestyle Lottofeerenao@ruhr.social
2026-02-12

Bin noch nicht ganz warm, aber als #vscode Ersatz und als #sublimetext Veteran hab ich jetzt einfach mal auf #kdekate als Editor der Wahl gesetzt. Hat es sonst auch schon auf meine Windows VM geschafft.

Bisschen meine neue Crush gerade <3

2026-02-12

thank you for your service #jetbrains, but after years of daily use i've almost entirely switched to #vscode for all of my work.
your refactory tools are still unmatched, but you've become too big & slow to be usable (i'm looking particularly at you, #rider)

2026-02-12

Imagine a protocol like #LSP, but for adding real-time collaboration to existing text editors. It would allow #Neovim to edit a #Hedgedoc, or peer-to-peer pair programming between #VSCode and #Emacs!

We've come up with our own little protocol like that (for Teamtype), but we'd like to open up the discussion:

That's why we're inviting everyone interested to an initial online gathering on Feb 26, 19:00 UTC, to gauge interest for working on a protocol like this together!

md.ha.si/collaborative-editing

A diagram that connects text editors on the left to collaborative applications on the right, using a common, shared protocol, labelled the "Collaborative Editing Protocol".
2026-02-12

RE: techhub.social/@Techmeme/11605

We face a similar issue at $work. The bean counters and governance sticklers only approve #Microsoft products like #Copilot, while #Claude Opus handily beats it in accuracy and productivity.

Also, Copilot outside of #VSCode doesn’t support the Model Context Protocol for extensions, only approved Microsoft “agents.” So interop with other applications and services is limited to copying and pasting text, or sharing files via #OneDrive.

At least the #GitHub flavor of Copilot supports #Anthropic models, albeit at a premium compared to the largely #OpenAI-derived defaults.

#AI

Sexybiggetje🐖martijn@ieji.de
2026-02-12

Moved my work laptop from #vscode to #zed with #vim keybindings 🧡💛🩵💚💙

Francis Rubio :verified_gay:teacherbuknoy@masto.ai
2026-02-11

Currently developing an app in #Java with just #vscode and running Maven in the terminal. I can get used to this, to be honest. Despite IntelliJ IDEA's bells and whistles.

I just have to figure out now how to debug breakpoints and I'll be leaving IntelliJ for good.

2026-02-10

🚀 The #Postman #MCP Server is pure magic — connect your AI agents directly to your #API workflows. 100+ tools for testing, code generation & collection management. Works with #Claude, #VSCode, #Cursor & more 🔥
github.com/postmanlabs/postman

2026-02-10

File Change Follower
A VS Code extension that follows file changes in real-time, automatically opening editors and scrolling to edits as they happen. Perfect for watching CLI-based coding agents work.
#vscode

isaacl.dev/g0x

2026-02-10

:microsoft: Evelyn Stealer Malware abuses VS Code Extensions to steal Developer Credentials & Crypto.

IT-Security researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code [VS Code] extension ecosystem.

⚠️"The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer environments can also be abused as access points into broader organizational systems," Trend Micro said in an analysis.⚠️

trendmicro.com/en_us/research/

#microsoft #vscode #evelyn #stealer #it #security #privacy #engineer #media #developer #infosec #tech #news

The activity is designed to single out organizations with software development teams that rely on VS Code and third-party extensions, along with those with access to production systems, cloud resources, or digital assets.

👾It's worth noting that details of the campaign were first documented by Koi Security last month, when details emerged of three VS Code extensions — BigBlack.bitcoin-black, BigBlack.codo-ai, and BigBlack.mrbigblacktheme — that ultimately dropped a malicious downloader DLL ["Lightshot.dll"] responsible for launching a hidden PowerShell command to fetch and execute a second-stage payload ["runtime.exe"].👾

The executable, for its part, decrypts and injects the main stealer payload into a legitimate Windows process ["grpconv.exe"] directly in memory, allowing it to harvest sensitive data and exfiltrate it to a remote server ["server09.mentality[.]cloud"] over FTP in the form of a ZIP file.

⁉️Some of the information collected by the malware includes:⁉️

• Clipboard content
• Installed apps
• Cryptocurrency wallets
• Running processes
• Desktop screenshots
• Stored Wi-Fi credentials
• System information
• Credentials and stored cookies from Google Chrome and Microsoft Edge[ImageSource: Trend Micro]

👾In addition, it implements safeguards to detect analysis and virtual environments and takes steps to terminate active browser processes to ensure a seamless data collection process and prevent any potential interference when attempting to extract cookies and credentials.👾

This is achieved by launching the browser via the command line by setting the following flags for detection and forensic traces:

• headless=new, to run in headless mode
• disable-gpu, to prevent GPU acceleration
• no-sandbox, to disable browser security sandbox
• disable-extensions, to prevent legitimate security extensions from interfering
• disable-logging, to disable browser log generation
• silent-launch, to suppress startup notifications
• no-first-run, to bypass initial setup dialogs
• disable-popup-blocking, to ensure malicious content can execute
• window-position=-10000,-10000, to position the window off-screen
• window-size=1,1, to minimize window to 1x1 pixel

⁉️"The [DLL] downloader creates a mutual exclusion (mutex) object to ensure that only one instance of the malware can run at any given time, ensuring that multiple instances of the malware cannot be executed on a compromised host," Trend Micro said. "The Evelyn Stealer campaign reflects the operationalization of attacks against developer communities, which are seen as high-value targets given their important role in the software development ecosystem."⁉️

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst