The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
SecurityWeek

Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

More than 300 Chrome extensions were found to be leaking browser data, spying on users, or stealing user information.
winbuzzer.com

Malicious VS Code Extensions Steal Code from 1.5M Developers

Security researchers revealed two malicious VS Code extensions exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million developers to servers in China while masquerading as AI ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...
Bleeping Computer

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and ...
VentureBeat

Anthropic's Claude Code can now read your Slack messages and write code for you

Anthropic has launched a beta integration that connects its fast-growing Claude Code programming agent directly into Slack, allowing software engineers to delegate coding tasks without leaving the ...
winbuzzer.com

JavaScript Turns 30: Why The World’s Most Popular Language Faces a Trademark Revolt

Marking its 30th anniversary on Thursday, the world’s most popular programming language faces a bitter ongoing custody battle rather than a celebration. Creators and community leaders are stepping up ...
CSOonline

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace review and entered the developer ecosystem. In a suspected test effort, ...
GitHub

Provide a way to reduce the noisy output when running extension tests to reduce context bloat and agent confusion

When I run extension tests on GitHub actions, there's a lot of unwanted output printed. When trying to have agents run the tests, this all ends up in the context and the model sometimes attribute ...
GitHub

BUG: Extension passes Typescript to CodeQL for query packs instead of Javascript

When I was running the extension without manually setting the language, the scan would fail after building and analyzing the database: [2025-06-27T19:53:02.950Z] [WARN ] [CodeQLService ] Query pack ...