GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
腾讯网

AutoGenesis:基于 AI + MCP 的跨平台自动化测试实践

作者 | 熊月,Microsoft Edge QA审校 | Kitty项目贡献成员:芈峮、佟玉、刘竞屏、王政达、熊月 开源地址:github.com/microsoft/AutoGenesis 本文为删减版,完整版见:https://www.infoq.cn/article/TLJa16KNgIXb1HB1Nvtg自动化测试之所以难以真正铺开,很多时候并不是因为团队不重视,而是因为门槛太高: 业务 ...
Visual Studio Magazine

Getting My OpenClaw Around VS Code

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...