Windows Report

Hackers Spread Malware on GitHub Using Fake VS Code Alerts

Hackers target GitHub developers with fake VS Code alerts and CVEs, using malicious links to steal data and deliver malware.

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

Paul Skenes thinking playoffs for Pirates on eve of opener vs. Freddy Peralta and new-look Mets

On the eve of opening day, Paul Skenes set forth lofty goals for the Pittsburgh Pirates. He says they want to win the NL ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
CSO Online

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
Visual Studio Magazine

TypeScript 6.0 Ships as Final JavaScript-Based Release, Clears Path for Go-Native 7.0

Microsoft released TypeScript 6.0 on March 23, the last version built on the original JavaScript codebase, with three post-RC changes and a wave of deprecations designed to ready codebases for the ...

Newcastle vs Sunderland halted after discriminatory abuse from the crowd

The Premier League game between Newcastle and Sunderland was stopped after there was a report of discriminatory abuse from ...
How-To Geek on MSN

Android's sideloading changes, the big Visual Studio Code update, better Linux phones, and more: News roundup

Everything you may have missed from the past week.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Oracle unveils Project Detroit for faster Java interop with JavaScript and Python

JavaOne Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...