GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

The U.S. Treasury Department on Thursday sanctioned six individuals and two companies accused of aiding North Korea in running a global scheme using remote IT workers to fund their weapons program.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub ...

One IDE to rule them all. You won't want to use anything else.

Vibe coding is programming by gut feel. You have an idea for a tool, a website, or a repetitive task you want to automate… but instead of enrolling in a coding boot camp or slogging through YouTube ...

As communities across the nation attempt to dig out from a massive winter storm, and brace for hazardous conditions that will linger throughout the week, states’ and school districts’ approaches to ...

Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times exfiltrate developer data to China-based servers. Both extensions are ...

It’s that time again. The calendar has flipped, the resolutions are written, and you’re probably sitting in your office chair at your office desk looking at a lukewarm cup of office coffee, wondering ...

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Ludi Akue discusses how the tech sector’s ...