Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

Business owners are splitting into three camps as rapid technological shifts create pressure to either reinvest or exit, ...

Legislation intended to increase the nation's housing supply could end up constraining a segment of the real estate industry.

Node.js does not need more theatrical security output. It needs better developer workflow infrastructure. It needs tools that ...

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

Symphony offers a glimpse of how enterprises may move from using AI as a coding assistant to managing it as part of the ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

Firefox 150 adds page reordering, exporting, and image saving to its built-in PDF viewer, plus split-view improvements and ...