Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Visual Studio Code adds two-hour delay for automatic extension updates

Security Tool/Service
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Visual Studio Code (VS Code) will delay automatic extension updates by two hours starting in VS Code 1.123, reducing exposure to problematic or potentially compromised releases. The control adds a short buffer against software supply chain threats while still allowing manual updates at any time. Extensions from trusted publishers such as Microsoft, GitHub, and OpenAI continue to update immediately.

Related Happenings

Microsoft security patch release for CVE-2026-41089

Security Patch Release
First: 13.05.2026 00:46 Last: 13.05.2026 00:46 Sources 1

About this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...

Open Happening

Microsoft Windows 11 mandatory Patch Tuesday updates (KB5089549, KB5087420)

Security Patch Release
First: 12.05.2026 21:09 Last: 12.05.2026 21:09 Sources 1

About this happening: Microsoft released **mandatory Windows 11 cumulative updates** for **KB5089549** and **KB5087420**, delivering the **May 2026 Patch Tuesday** fixes for **120 vulnerabilities** acr...

Open Happening

GlassWorm OpenVSX sleeper extension campaign

Campaign
First: 28.04.2026 00:41 Last: 28.04.2026 00:41 Sources 1

About this happening: The **GlassWorm** operation has launched a **new wave** against **OpenVSX**, seeding **73 sleeper extensions** that become malicious after an **update** and can deliver malware to...

Open Happening

GlassWorm v2 cloned VS Code extension loaders

Malware Activity
First: 27.04.2026 14:23 Last: 27.04.2026 14:23 Sources 1

About this happening: The **GlassWorm v2** malware activity now uses **cloned VS Code extensions** on **Open VSX** to deliver payloads that steal credentials, deploy a **RAT**, and spread across multip...

Open Happening

Windows 11 cumulative updates KB5083769 and KB5082052 (April 2026 Patch Tuesday)

Security Patch Release
First: 14.04.2026 20:46 Last: 14.04.2026 20:46 Sources 1

About this happening: **Microsoft** released mandatory **Windows 11** cumulative updates **KB5083769** and **KB5082052** to fix security vulnerabilities across **25H2, 24H2, and 23H2**. The **April 202...

Open Happening

Timeline

  1. 08.06.2026 09:08 2 articles · 11h ago

    Microsoft delays automatic VS Code extension updates by two hours

    Initial Disclosure

    Microsoft announced that Visual Studio Code (VS Code) will automatically wait two hours before updating extensions to newer versions, starting in VS Code 1.123, to reduce exposure to problematic or potentially compromised releases. Users can still update extensions immediately with the Update button, and the delay does not apply to trusted publishers such as Microsoft, GitHub, and OpenAI.

    Show sources
    Open in new tab