Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
How-To Geek on MSN

Android's sideloading changes, the big Visual Studio Code update, better Linux phones, and more: News roundup

Everything you may have missed from the past week.

TypeScript 6.0 is ready: On the way to Go-based TypeScript 7.0

The last release with a JavaScript codebase is ready. From version 7, the compiler and language service will be written in ...
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
C&EN

The Chemical Professional’s Code of Conduct

The American Chemical Society expects its members to adhere to the highest ethical and safety standards. Indeed, the Federal Charter of the Society (1937) explicitly lists among its objectives "the ...