In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace Trust model as the primary safeguard against repo-based malware -- while ...
Note: Keyboard shortcuts work when the Jira My Work view is focused. /src /api # Jira API client and authentication /commands # Command handlers /providers # Tree view and webview providers /models # ...
North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, recommend extensions that are non-existent in the OpenVSX registry, allowing ...
Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.
Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack targeting macOS users, where ...
Two VSCode extensions are harvesting sensitive data and sending it to China.
These need to be uninstalled manually ...
imrmp→ import React, { memo } from 'react' & import PropTypes from 'prop-types' impt→ import PropTypes from 'prop-types' imrr→ import { BrowserRouter as Router, Route, NavLink} from 'react-router-dom' ...
Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results