The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Visual Studio Magazine

VS Code Curbs Token Use Ahead of Copilot's Controversial Usage-Based Billing Switch

Just two days after GitHub announced usage-based billing for Copilot, Microsoft shipped VS Code 1.118 -- under its new weekly release cadence -- with significant token efficiency improvements designed ...
The Hacker News

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.
XDA Developers on MSN

Claude Code replaced my bloated PC optimization tools with custom scripts, and my Windows PC has never been happier

Say "no" to running dubious scripts.
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...
XDA Developers on MSN

I stopped switching to a terminal to run scripts once I found VS Code's task runner

The hidden VS Code tool has replaced the terminal for me.

AWS brings OpenAI’s AI models and Codex programming assistant to its cloud

OpenAI Group PBC’s large language models available on its cloud platform. The algorithms are accessible through Amazon ...