VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

Business and enterprise users can now connect their own API keys to use LLMs via OpenRouter, Ollama, Google, OpenAI, and more ...

Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft ...

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Microsoft officially announced TypeScript 7.0 Beta on April 21, 2026. The company says TypeScript 7.0 is often 10 times faster than 6.0. The beta ships through @typescript/native-preview@beta and tsgo ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...

Osirus AI today announced the public launch of its enterprise AI platform, built from the ground up by three founders with no outside funding. The platform combines every major AI capability — Chat, ...

Snowflake announces updates for Snowflake Intelligence and Cortex Code. Together, the tools are designed to function as a ...

Try these extensions and you'll wonder how you ever lived without them!

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...