Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
XDA Developers on MSN

I've been vibe-coding my own Chrome extensions, and I can't stop

More fun than it should be, honestly.

Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
GitHub

Visual Studio Code extension that provides CSS class name completion for the HTML class attribute based on Bulma CSS classes.

Completion based on the parent class. Your workflow will be faster and you will avoid the headache of searching for all available classes. If the attribute has a parent class like "card", it will ...
GitHub

Responsive Visibility – TYPO3 Extension

This extension adds a "Minimum Viewport" dropdown to the Appearance tab of every content element. When a breakpoint is selected, the element is only visible at that screen width and above. No custom ...
Microsoft

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest ...