Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.
Visual Studio Magazine

Buzz About VS Code Extension for Codebase Visualization

A new Visual Studio Code extension called Nogic sparked a wide-ranging Hacker News discussion, with commenters praising its ...
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code ...
IEEE

CKGFuzzer: LLM-Based Fuzz Driver Generation Enhanced By Code Knowledge Graph

Abstract: In recent years, the programming capabilities of large language models (LLMs) have garnered significant attention. Fuzz testing, a highly effective technique, plays a key role in enhancing ...
Hoodline

St. Louis Rallies Community and Resources in Code Blue Extension Amid Freezing Temperatures

The Missouri Attorney General’s office has indicated it is prepared to take action against any entities that violate the new age-verification rule, with legal consequences for noncompliance. The ...
Geeky Gadgets

Connect a Llama 3.1 Chat AI Model to VSCode and Code Faster with Local Replies

The first step in integrating Ollama into VSCode is to install the Ollama Chat extension. This extension enables you to interact with AI models offline, making it a valuable tool for developers. To ...
winbuzzer.com

Google Releases Colab Extension for VS Code

Google has launched an official Colab extension for Visual Studio Code, aiming to bridge the gap between local development and powerful cloud computing for AI and machine learning. The new tool allows ...
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...
CSOonline

TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...
Bleeping Computer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...
TechCrunch

Salesforce launches enterprise vibe-coding product, Agentforce Vibes

Enterprise giant Salesforce is looking to ride the vibe-coding wave — where developers describe what they want in natural language and AI agents write the code — with its new AI-powered developer tool ...
Infosecurity-magazine.com

npm Package Uses QR Code Steganography to Steal Credentials

A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a QR code as part of its obfuscation strategy, ultimately aiming to steal ...