For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

Microsoft's May 2026 VS Code update makes BYOK usable in restricted environments while adding agent, browser and issue-reporting updates.

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

A single browser tab, a single click on “Install,” and a cybercriminal group called TeamPCP was inside GitHub’s own house.

Claude Code plugins now have an official Anthropic-managed directory at github.com/anthropics/claude-plugins-official, consolidating 30-plus internal and 15 vetted external Claude Code extensions behi ...

Most software is assembled from thousands of borrowed components, and attackers have learned it is easier to poison a part ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

CrowdStrike, in collaboration with Google and the Shadowserver Foundation, has dismantled an international botnet that ...

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

An industry effort involving CrowdStrike, Google and the Shadowserver Foundation has led to the disruption of the Glassworm ...

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...