This article analyzes a malicious Visual Studio Code extension that implements ransomware-like behavior. It highlights how the extension encrypts files, uploads sensitive data, and communicates with a command and control server via a private GitHub repository. The piece questions how such obvious malware passed the marketplace review.

Microsoft has open-sourced the GitHub Copilot Chat extension for VS Code under the MIT license, allowing the community to access its full implementation and telemetry mechanisms. This move is part of Microsoft's plan to integrate AI features into the popular code editor, which has seen significant growth in the open-source AI ecosystem. While the original GitHub Copilot extension remains closed for now, Microsoft plans to transition its functionality into the open-source chat extension in the coming months.