Abusing VSCode Features Attack Paths for Remote VSCode Compromise Creating a Malicious Extension Publishing onto VSCode Marketplace Installing the Malicious Extension Attack Path for Stealing Credentials Conclusion Over the past several years, there has been a mantra of “shift left” to push security to the beginning of the development lifecycle. Although this is a great approach to enable developers to focus on functionality whilst providing security guidance, it does so at the cost of cr...
