VSCode IDE forks expose users to "recommended extension" attacks

Popular AI-powered integrated development environment solutions, such as Cursor, Windsurf, Google Antigravity, and Trae, ...
InfoQ

DuckDB's WebAssembly Client Allows Querying Iceberg Datasets in the Browser

DuckDB has recently introduced end-to-end interaction with Iceberg REST Catalogs directly within a browser tab, requiring no ...
GitHub

PostgreSQL Extension for Podman Desktop

From the Containers List page, you can start a PgAdmin instance connected to a discovered PostgreSQL instance. Start a new PostgreSQL instance, with optional PgAdmin From the dashboard of the ...

Cybersecurity experts warn that this browser extension is selling your chats with ChatGPT

A cybersecurity company claims that this popular VPN is harvesting AI chats. A cybersecurity company claims that a number of web browser extensions are secretly logging and selling users’ ...
Hartford Courant

Chevrolet Traverse vs Ford Explorer

Chevrolet versus Ford. Regardless of the vehicle type, car shoppers often find themselves comparing choices from these iconic American brands. And if you’re thinking about buying a new three-row ...
IEEE

CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions

Abstract: Scripting languages like Python or JavaScript are extremely popular among developers, in part due to their massive open-source ecosystems that enable smooth code reuse. However, recent work ...
GitHub

Fulling - AI-Powered Full-Stack Development Platform

Fulling provides a sandboxed environment with Claude Code and PostgreSQL — everything you need to vibe code full-stack apps. Fulling automatically sets up the following for your project, ready in a ...
Infosecurity-magazine.com

Malware Discovered in 19 Visual Studio Code Extensions

A campaign involving 19 Visual Studio (VS) Code extensions that embed malware inside their dependency folders has been uncovered by cybersecurity researchers. Active since February 2025 but identified ...
Infosecurity-magazine.com

Malicious VS Code Extensions Deploy Advanced Infostealer

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...
The Hacker News

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code ...
Bleeping Computer

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...