Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.

Fake Moltbot AI assistant just spreads malware - so watch out for scams

Moltbot doesn't have a VSCode extension - you're downloading malware instead ...

GlassWorm Malware Hits macOS Through Trusted Open VSX Extensions

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...
The Hacker News

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS, crypto, and developer ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Viral Moltbot AI assistant raises concerns over data security

Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation ...
Dark Reading

GlassWorm Malware Returns to Shatter Developer Ecosystems

The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims ...
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...
WinBuzzer

Malicious VS Code Extensions Steal Code from 1.5M Developers

Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...

New GlassWorm attack targets macOS via compromised OpenVSX extensions

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.
The Manila Times

End the Agentic Amnesia: EverMind Launches EverMemOS Cloud and Kicks Off "Memory Genesis 2026" Global Developer Hackathon Supported by OpenAI

EverMind Launches EverMemOS Cloud and Kicks Off 'Memory Genesis 2026' Global Developer Hackathon Supported by OpenAI ...
WinBuzzer

Moonshot AI Unveils Kimi K2.5 Open-Source Model, Claiming to Beat Claude Opus 4.5 on Agentic Benchmarks

Moonshot AI has released Kimi K2.5, an open-source model with coding, image, and video capabilities alongside Kimi Code tool, competing with Claude Code.