GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Infosecurity-magazine.com

New Attacks Exploit VSCode Extensions and npm Packages

A recent investigation by security researchers has revealed a troubling surge in malicious campaigns exploiting popular development tools, including VSCode extensions and npm packages. These campaigns ...
CSO Online

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
InfoWorld

Get started with Python in Visual Studio Code

Microsoft Visual Studio Code is a flexible, cross-platform editor that can be transformed into a full-blown IDE for most any language or workflow. Over the past few years, it has exploded in ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Bleeping Computer

Malicious Microsoft VSCode extensions steal passwords, open remote shells

Cybercriminals are starting to target Microsoft's VSCode Marketplace, uploading three malicious Visual Studio extensions that Windows developers downloaded 46,600 times. According to Check Point, ...
Visual Studio Magazine

Top Visual Studio Code Extensions from Individual Contributors

Ever consider authoring your own Visual Studio Code extension to provide some missing piece of useful functionality? While the most popular extensions in the Visual Studio Code Marketplace are ...