Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

A Hacker News commenter identifying as a VS Code team member said Workspace Trust is the intended security protection against repo-based attacks. The commenter acknowledged user experience issues and ...

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages ...

Bey scores 42 points, Pelicans beat Jazz 129-118 to open 2-game set in Utah

Saddiq Bey scored 42 points, Zion Williamson had 20 and the New Orleans Pelicans beat the Utah Jazz 129-118 on Thursday night to open a two-game set.
Visual Studio Magazine

How I Built a 'Journalist' AI Agent in VS Code to Replace Me

Having long ago seen the handwriting on the wall for the journalism profession with the debut of GenAI, I decided to just cut to the chase and build my replacement now.
PCMag

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Delete Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed ...