VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

What makes Codex useful for building websites is that it can install software packages, run a local preview server, track ...

Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a high-agency, reliable, and commercially viable AI agent.

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Amazon has launched a new Fire TV Stick HD. It's moving to a new operating system called Vega OS instead of the long running ...

Microsoft officially announced TypeScript 7.0 Beta on April 21, 2026. The company says TypeScript 7.0 is often 10 times faster than 6.0. The beta ships through @typescript/native-preview@beta and tsgo ...

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...