GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Visual Studio Magazine

Going Local (& a Bit Loco) with Open-Source AI in VS Code

This hands-on PoC shows how I got an open-source model running locally in Visual Studio Code, where the setup worked, where it broke down, and what to watch out for if you want to apply a local model ...
XDA Developers on MSN

I've been vibe-coding my own Chrome extensions, and I can't stop

More fun than it should be, honestly.
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
GitHub

pip installable DuckDB extensions

This repository does not publish on every upstream DuckDB extension commit. For a change (for example in duckdb-excel) to show up here: The change must be included in DuckDB's published extension ...
GitHub

mjmorales/vscode-generic-lsp-proxy

A flexible Language Server Protocol (LSP) proxy extension for VS Code that dynamically forwards requests to any LSP server based on configuration files. No more installing separate extensions for each ...
Infosecurity-magazine.com

Flaws in Popular Software Development App Extensions Allow Data Exfiltration

Researchers at OX Security have detected four vulnerabilities in three of the most popular integrated development environments (IDEs) that could lead to cyber-attacks. In a report published on ...
Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...