Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
Ars Technica

OpenAI brings plugins to Codex, closing some of the gap with Claude Code

OpenAI has added plugin support to its agentic coding app Codex in an apparent attempt to match similar features offered by competitors Anthropic (in Claude Code) and Google (in Gemini’s command line ...
InfoWorld

Visual Studio Code previews chat customizations editor

Just-released Version 1.113 of Microsoft’s Visual Studio Code editor emphasizes improvements ranging from chat customizations ...
Security Boulevard

An Evolving GlassWorm Malware is Making the Rounds of Code Repositories

GlassWorm is evolving. Security researchers say the malware, which infiltrates code repositories with malicious extensions, can now deploy a RAT, is targeting MCP servers, and has a new way of moving ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Macworld

Apple urges iPhone users to update as new DarkSword hacking tool lands online

Generally, iOS can be updated in the Settings app by tapping General > Software Update. However, Apple has a separate method ...
WinBuzzer

OpenAI Acquires Python Toolmaker Astral to Boost Codex AI Agent

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it ...
Axios on MSN

Spyware once used by governments is now spreading to cybercriminals

Cybercriminal groups are now using spyware tools once utilized mainly by spies and law enforcement to hack into iPhones, new ...
MIT Technology Review

The Download: OpenAI is building a fully automated researcher, and a psychedelic trial blind spot

Plus: OpenAI is also creating a "super app." This is today's edition of The Download, our weekday newsletter that provides a ...
Dark Reading

GlassWorm Malware Evolves to Hide in Dependencies

Dozens of updated, malicious GlassWorm extensions have infested Open VSX, threatening software development supply chains.
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...