Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.
Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Erik Steiger discusses the operational pain ...
A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming their tool was built by Claude. On May 20, 2026, GitHub confirmed Opens a ...
GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on Microsoft's official Visual Studio Marketplace for just 18 minutes on May 18 ...
The post Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign appeared first on Tenable Blog. A self-propagating worm has compromised more than 170 npm and ...
GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk ...
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is ...
The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub Actions workflow to steal signing keys and ...