GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

The best code editor might actually be your best everything editor.

In a joint operation, CrowdStrike, Google and Shadowserver Foundation disrupted infrastructure used by the Glassworm ...

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual ...

Microsoft has released VS Code 1.121 with remote AI agents, Mermaid rendering, HTML previews, and terminal optimizations.