Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

Try these extensions and you'll wonder how you ever lived without them!

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

The April update suppresses Copilot completions while IntelliSense is active, addressing a long-running editor conflict.

I can clearly see the day when we’ll be able to summon ChatGPT, Claude, or Gemini on our phones, say something like “Hey ...

Gabriela Moreira, CEO of Quint at Informal Systems, is a research engineer specializing in programming languages and formal methods, with a strong focus on building tools that make complex system ...

Today, ComfyUI announced a $30 million financing at a $500 million valuation, bringing total funding to $48 million. The round was led by Craft, with participation from Pace Capital, Chemistry, ...

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample ...

Anthropic’s Claude Desktop application for macOS is facing scrutiny after a cybersecurity researcher reported that the app installs a Native Messaging bridge into multiple Chromium-based browsers ...

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating ...

Over 70 clones of popular extensions published to the Open VSX marketplace in April are likely designed to deliver GlassWorm ...