VS Code extensions with 125M+ installs expose users to cyberattacks

Four popular VS Code extensions with over 125 million installs have security flaws that could allow remote attackers to steal files and execute code. These vulnerabilities highlight a critical gap in developer security, as extensions can act as a gateway to an organization’s sensitive assets.