Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...
InfoWorld

GitHub Copilot CLI adds Rubber Duck review agent

Rubber Duck uses a second model from a different AI family to evaluate the primary agent’s plans, question assumptions, and ...
Visual Studio Magazine

Hands On with OpenClaw Node for VS Code: Real Workflow, Real Friction

OpenClaw's Node for VS Code extension proved it can support a real local file-based workflow, but on Windows the experience still feels more like early infrastructure than finished tooling.