Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
winbuzzer.com

Malicious VS Code Extensions Steal Code from 1.5M Developers

Security researchers revealed two malicious VS Code extensions exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million developers to servers in China while masquerading as AI ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code ...
VentureBeat

Anthropic's Claude Code can now read your Slack messages and write code for you

Anthropic has launched a beta integration that connects its fast-growing Claude Code programming agent directly into Slack, allowing software engineers to delegate coding tasks without leaving the ...
TechSpot

Popular Chrome and Edge extensions go rogue, infecting over 4 million devices with spyware

A hot potato: Cybersecurity researchers have uncovered a sophisticated malware campaign that infected millions of computers via browser extensions on the Chrome Web Store and Microsoft Edge add-ons ...
CSOonline

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace review and entered the developer ecosystem. In a suspected test effort, ...
CBS News

Metro A Line extension in San Gabriel Valley opens with 4 new stops

Chelsea Hylton is a web producer for CBS Los Angeles. An Inglewood native, Hylton has her master's degree from USC. She covers local breaking news across the Southern California region. Before joining ...
Bleeping Computer

'WhiteCobra' floods VSCode market with crypto-stealing extensions

A threat actor named WhiteCobra has been targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ...
GitHub

The Atom JavaScript grammar

This extension replaces the JavaScript grammar in Visual Studio Code with the JavaScript grammar from the Atom editor. This allows you to have the same syntax coloring experience as in Atom. Note: ...
GitHub

BUG: Extension passes Typescript to CodeQL for query packs instead of Javascript

When I was running the extension without manually setting the language, the scan would fail after building and analyzing the database: [2025-06-27T19:53:02.950Z] [WARN ] [CodeQLService ] Query pack ...