Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
XDA Developers on MSN

I paired NotebookLM with Antigravity, and it feels like they’re meant to work together

Match made in heaven.
CSO Online

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...
CSO Online

Flaws in Chainlit AI dev framework expose servers to compromise

Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow ...
InfoWorld

Which development platforms and tools should you learn now?

For software developers, choosing which technologies and skills to master next has never been more difficult. Experts offer ...
The Manila Times

COCOS 4 Is Here, Fully Open Source

COCOS, the globally renowned provider of game engines and development tools fully acquired by SUD, today announced the full open-sourcing of COCOS 4.
Bleeping Computer

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be exploited to execute code remotely through maliciously crafted input. The ...
AppleInsider

Apple inadvertently leaked front-end source code of new App Store on the web

The web-based App Store browser Apple introduced Tuesday had some rookie mistakes in its implementation, which has led to the front-end source code getting published on GitHub. The result is a set of ...
The Hacker News

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems ...