GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
NPR

Code Switch

What's CODE SWITCH? It's the fearless conversations about race that you've been waiting for. Hosted by journalists of color, our podcast tackles the subject of race with empathy and humor. We explore ...
Unite.AI

OpenAI Launches Codex Security To Find Vulnerabilities in Code

OpenAI released Codex Security on March 6, an AI-powered application security agent that scans codebases for vulnerabilities, validates findings in sandboxed environments, and proposes patches. The ...
Investopedia

Internal Revenue Code (IRC): Tax Laws & Principles Explained

Julia Kagan is a financial/consumer journalist and former senior editor, personal finance, of Investopedia. Thomas J. Brock is a CFA and CPA with more than 20 years of experience in various areas ...
Visual Studio Magazine

Hands On: Building an MCP Server with VS Code AI Toolkit's New Tool Catalog

Microsoft's AI Toolkit extension for VS Code now lets developers scaffold a working MCP server in minutes. Here's what that looks like in practice -- including the parts that don't work, and a simpler ...
XDA Developers on MSN

I replaced VS Code with this open-source editor and it's faster, lighter, and runs all my extensions

You also get to escape Microsoft telemetry tracking too.
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

A Hacker News commenter identifying as a VS Code team member said Workspace Trust is the intended security protection against repo-based attacks. The commenter acknowledged user experience issues and ...