The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
Cyber Daily

Your developers work for cyber gangs

In-house software built in March with open-source components may include malware placed there by criminals. This isn’t a ...
AUTO Connected Car News

GlassWorm Supply Chain Cyber Attack Threatens Connected Cars

This is GlassWorm: a software supply chain attack that security researchers are calling one of the most sophisticated and ...

GitHub developers targeted by fake VS Code alerts spreading malware

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick developers into downloading malware via cloud-hosted links Thousands of ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. Threat actors have been abusing credentials stolen in the VS Code GlassWorm campaign to hack ...
InfoWorld

Visual Studio Code

Zed, Eclipse Theia IDE, Lite XL, and Cursor all offer some advantages over VS Code, at least for now. Zed and Cursor stand apart. Microsoft's new all-in-one data-science pack for Python in VS Code ...
CSOonline

Flaws in four popular VS Code extensions left 128 million installs open to attack

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The automatic execution of VS Code-integrated configuration files when ...
winbuzzer.com

Malicious VS Code Extensions Steal Code from 1.5M Developers

Security researchers revealed two malicious VS Code extensions exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million developers to servers in China while masquerading as AI ...
bitnewsbot

Malicious VS Code AI extensions exfiltrate dev code to China

Two malicious VS Code extensions (1.5M installs) secretly exfiltrate source files to a China-based server, while PackageGate zero-days affect JavaScript package managers—pnpm, vlt and Bun patched; npm ...
Bleeping Computer

Malicious AI extensions on VSCode Marketplace steal developer data

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...
blockchain

Claude Code VS Code Extension Now Generally Available: Enhanced AI Coding with Slash ...

According to @claudeai, the Claude Code extension for Visual Studio Code has reached general availability, providing developers with advanced AI coding assistance ...