Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

A compromised Open VSX publisher account was used to distribute malicious extensions in a new GlassWorm supply chain attack.

Anyone can do it!

A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal ...

Compare the top 5 multi-factor authentication software in 2026. Find the best customer MFA solution for your apps with our detailed platform review.

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.

Discover the leading AI code review tools reshaping DevOps practices in 2026, enhancing code quality, security, and team productivity with automated solutions.

The Supreme Court is taking up a case on whether Paramount violated the 1988 Video Privacy Protection Act (VPPA) by ...

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

网络安全研究人员发现两款伪装成AI编程助手的恶意VS Code插件，总安装量达150万次。这些插件分别是"ChatGPT-中文版"和"ChatGPT-ChatMoss"，功能正常但暗中将用户打开的文件和源代码修改发送至中国服务器。插件还内置实时监控功能，可远程触发窃取工作区文件，并通过隐藏框架加载四个中国数据分析SDK进行设备指纹识别。

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...