In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace Trust model as the primary safeguard against repo-based malware -- while ...
North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing ...
Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.
A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its ...
Another wave of malicious browser extensions capable of tracking user activity have been found across Chrome, Firefox, and ...
Corin Cesaric is a Flex Editor at CNET. She received her bachelor's degree in journalism from the University of Missouri-Columbia. Before joining CNET, she covered crime at People Magazine and ...
Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results