The GlassWorm campaign has resurfaced within the developer community, though the adversaries have adopted a more surreptitious operational profile. Rather than disseminating overtly malicious extensions via Open VSX, they initially publish innocuous facsimiles of popular...
The clandestine update of an antiquated Visual Studio Code extension has precipitously metamorphosed into a targeted siege upon blockchain architects. A triad of IoliteLabs extensions, engineered for Solidity, were abruptly infected with venomous architecture,...
Developers are being besieged en masse with terrifying claims of “critical vulnerabilities” directly within the hallowed halls of GitHub, yet a profoundly different motive lurks beneath these alarming admonitions. According to a dispatch from...
The North Korean threat collective PurpleBravo has, for over a year, orchestrated a sophisticated and targeted offensive designated as Contagious Interview. This campaign utilizes fraudulent recruitment processes to assault enterprises across Europe, Asia, the...
Software developers remain a paramount objective for cyber-adversaries, as burgeoning malicious campaigns increasingly exploit the very instruments and environments foundational to the software development lifecycle. A poignant illustration of this trend is the emergence...
The Eclipse Foundation has revoked several compromised access tokens associated with publishing extensions to the Open VSX repository. The investigation was prompted by a report from Wiz, a company specializing in cloud security....
Experts at Oasis Security have reported a vulnerability in the Cursor code editor that enables arbitrary tasks to be executed upon opening a repository. The issue arises because, unlike Visual Studio Code, Cursor has...
Amazon was forced to urgently withdraw a compromised version of its AI-powered programming assistant, Q, after a malicious instruction was covertly embedded into the system. This rogue directive prompted the assistant to exploit command-line...
A counterfeit extension for the Cursor AI development environment, masquerading as a legitimate Ethereum utility, has resulted in a major cybersecurity incident—a Russian cryptocurrency developer lost half a million dollars due to the extension’s...
In recent security news, two researchers, Thomas Chauchefoin and Paul Gerste from SonarSource, have disclosed technical details for a critical Visual Studio Code remote code execution vulnerability and shared a public proof-of-concept (PoC) exploit....