Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.

A malware that steals credentials and cryptocurrencies uses Unicode for invisible code and installs a remote access trojan.

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted ...

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.

A new malware worm campaign has infected multiple Microsoft Visual Studio Code extensions using invisible Unicode characters to hide malicious code from both reviewers and security tools, security ...

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated ...

A free roadside safety kit is being offered under the auspices of AAA, but it's acvtual a phishing scheme that not only levies a "shipping charge," but uses bank card numbers for unrelated items. The ...

Prompt injection attacks are a security flaw that exploits a loophole in AI models, and they assist hackers in taking over ...

A new cyber threat is affecting developers worldwide who work with Visual Studio Code. Researchers at Koi Security have discovered an attack they call ...