Bleeping Computer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...
CSO Online

New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations

Microsoft uncovers a months-long campaign where threat actors used OpenAI’s legitimate API as a covert command-and-control ...
CSO Online

Typo hackers sneak cross-platform credential stealer into 10 npm packages

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...
The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.
GitHub

[BUG] Edit preview/diff not showing in VSCode extension UI when confirming changes

When using the Claude Code VSCode extension, edit previews are not visible when confirming code changes. The UI prompts me to confirm changes but only shows the file in its current state, without ...
GitHub

P2P VSCode Collaboration Extension

You can install this extension by searching "P2P Live Share" in the extension panel of VSCode or Cursor. To start sharing, click the "Share" button in the P2P Live ...