GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
The best code editor might actually be your best everything editor.
In a joint operation, CrowdStrike, Google and Shadowserver Foundation disrupted infrastructure used by the Glassworm ...
GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.
The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.
Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...
Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...
Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual ...
Microsoft has released VS Code 1.121 with remote AI agents, Mermaid rendering, HTML previews, and terminal optimizations.