GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

DEV.co Expands JavaScript Development Services with “Vibe-Based” AI-Assisted Engineering Model

New AI-assisted development approach reduces costs and accelerates delivery timelines for modern JavaScript applications ...
MUO on MSN

Extensions, plugins, and add-ons aren't the same thing — and I've been mixing them up for years

Three names, three roles, and I mixed them up without realizing it.
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
GitHub

Python extension for Visual Studio Code

The Python extension will automatically install the following extensions by default to provide the best Python development experience in VS Code: If you set this setting to true, you will manually opt ...
GitHub

Title: onDidRequestToolApproval event for Chat/Language Model extensions

When building VS Code extensions that integrate with GitHub Copilot's Language Model API, there is no way to detect when the chat UI is presenting a tool-approval dialog to the user (the "Allow" / ...