The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Notepad++ Code Editor Comes to Mac After 20-Year Wait

The popular Notepad++ coding editor is now available as a native macOS app, following an unofficial open-source community ...
Cryptopolitan

Hackers plant 73 sleeper extensions in OpenVSX to steal crypto wallets

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...
Dark Reading

Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.

Visual Studio April update adds autonomous cloud agents and a new debugger agent

Microsoft is making Visual Studio more agentic. New tools handle remote coding tasks and analyze live app behavior to find ...

Checkmarx-style supply chain attack hits password manager Bitwarden

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Visual Studio Magazine

TypeScript 7.0 Beta Arrives on Go-Based Foundation With 10x Speed Claim

Microsoft officially announced TypeScript 7.0 Beta on April 21, 2026. The company says TypeScript 7.0 is often 10 times faster than 6.0. The beta ships through @typescript/native-preview@beta and tsgo ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Gizmodo

Microsoft Visual Studio Professional 2026 Bundle at 97% Off With Premium Coding Certification Included, a Complete Learn-to-Code Package

This article features deals sourced directly by Gizmodo and produced independently of the editorial team. We may earn a commission when you buy through links on the site. Reading time 2 minutes ...