GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

VS Code 1.117 adds bring-your-own model key support for Copilot Business and Enterprise users and introduces a set of chat, agent, terminal, and TypeScript updates.

Try these extensions and you'll wonder how you ever lived without them!

Visual Studio Code 1.117 adds Copilot BYOK, faster chat streaming, and terminal fixes, giving developers more control.

April 26, 2026: We're looking for new [♻️] Plants & Brainrots 🌻codes for the unfortunately named Dump event. That's version 1.33.0 What are the new Plants vs Brainrots codes? If you're looking to ...

Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...