SecurityWeek

Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’

ClickFix variant CrashFix relies on a malicious Chrome extension to crash the browser and trick victims into installing the ...
IEEE

CHARON: Polyglot Code Analysis for Detecting Vulnerabilities in Scripting Languages Native Extensions

Abstract: Scripting languages like Python or JavaScript are extremely popular among developers, in part due to their massive open-source ecosystems that enable smooth code reuse. However, recent work ...
Bleeping Computer

Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and ...
bitnewsbot

GlassWorm Malware Hits 24 VS Code Extensions on Major Marketplaces

In December 2025, the GlassWorm supply chain malware campaign emerged again, affecting both the Microsoft Visual Studio Marketplace and Open VSX platforms. This episode involved 24 extensions posing ...
cryptopolitan

3 VS Code extensions stealing credentials for GitHub, VSX, and crypto wallets

Cybersecurity firm Koi Security uncovers a new wave of the GlassWorm campaign, which hides malware in invisible Unicode code within VS Code extensions. The malware steals GitHub, Open VSX, and crypto ...
CSOonline

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...
New York Post

Paw-sitively brilliant: Some dogs can classify their toys by function, new study finds

Some dogs aren’t just good boys and girls — they’re geniuses. Certain pups can do more than recognize the names of their favorite chew toys — they can actually group their playthings by function, like ...
Visual Studio Magazine

VS Code SQL Extension Previews Microsoft Fabric Connectivity

Microsoft updated its free MSSQL extension for Visual Studio Code with new Fabric connectivity and provisioning features in public preview, alongside GitHub Copilot slash commands and multiple ...
Dark Reading

Vidar Infostealer Back With a Vengeance

The long-running Vidar infostealer has evolved with new obfuscation techniques. That is according to researchers at cybersecurity vendor Aryaka, which published research last week dedicated to a fresh ...
techworm.net

Malicious VS Code Extensions Exploit Marketplace Loophole

Cybersecurity researchers have uncovered a loophole in Microsoft’s Visual Studio Code (VS Code) Marketplace that enables attackers to reuse deleted extension names, potentially allowing malware to ...
CSOonline

Hackers can slip ghost commands into the Amazon Q Developer VS Code Extension

The Amazon Q Developer VS Code Extension is reportedly vulnerable to stealthy prompt injection attacks using invisible Unicode Tag characters. According to the author of the “Embrace The Red” blog, ...