InfoWorld

How GlassWorm wormed its way back into developers’ code — and what it says about open ...

Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...
The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...

Microsoft ships .NET 10 LTS and Visual Studio 2026, Copilot everywhere

Microsoft has released C# 14 and .NET 10, a long-term support version, along with a bunch of related products including ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...

GlassWorm malware returns on OpenVSX with 3 new VSCode extensions

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Cyber DailyOpinion

Op-Ed: Microsoft publishes 66 new vulnerabilities fpr November’s Patch Tuesday

There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s ...