The state of AI dev tools in 2026.

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack targeting macOS users, where malicious versions of popular developer extensions ...

VS Code forks are diverging rapidly, not just in features, but in how they structure AI-assisted development workflows. Cursor emphasizes speed and visual polish, Windsurf leans toward dynamic ...

Mac users often assume they're safer than everyone else, especially when they stick to official app stores and trusted tools. That sense of security is exactly what attackers like to exploit. Security ...

VS Code snippets and keybinding-based editor.action.insertSnippet commands can replicate the core behavior of unmaintained extensions such as htmltagwrap. Different approaches -- custom extensions, ...

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are ...

A new wave of the GlassWorm malware is now targeting macOS developers by hiding malicious code inside fake Visual Studio Code extensions designed to steal cryptocurrency, credentials, and sensitive ...