In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace Trust model as the primary safeguard against repo-based malware -- while ...
Note: Keyboard shortcuts work when the Jira My Work view is focused. /src /api # Jira API client and authentication /commands # Command handlers /providers # Tree view and webview providers /models # ...
North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.
Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack targeting macOS users, where ...
Two VSCode extensions are harvesting sensitive data and sending it to China.
These need to be uninstalled manually ...
What issue are you seeing? The vscode extension handles wrongly the situation where the workspace has multiple folders. It presents only one folder in writable_roots given to codex, apparently the ...
Two malicious VS Code extensions have exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million ...
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results