CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ...

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual ...

The Copilot Studio extension lets developers use any VS Code-compatible AI assistant to develop AI agents, then sync with Copilot Studio for testing and iteration. Microsoft is offering a Microsoft ...

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...

The infected extensions—named BigBlack.Bitcoin-black with 16 installs and BigBlack.codo-ai with 25 installs—were removed by Microsoft in early December 2025. A third related package, ...

A new malware campaign is A/B testing delivery effectiveness on software developers using malicious VS Code extensions. In a campaign tracked by Koi, a threat actor published two malicious VS Code ...

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Cybersecurity firm Koi Security uncovers a new wave of the GlassWorm campaign, which hides malware in invisible Unicode code within VS Code extensions. The malware steals GitHub, Open VSX, and crypto ...

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.

Cybersecurity experts have revealed that three harmful extensions tied to the GlassWorm campaign targeting the Visual Studio Code (VS Code) environment are still accessible for download. The discovery ...