The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.

Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.

The disclosure comes as HelixGuard discovered a malicious package in PyPI named "spellcheckers" that claims to be a tool for checking spelling errors using OpenAI Vision, but contains malicious code ...

Windows 11’s latest cumulative update is not a routine housekeeping patch, it closes critical security holes and stabilizes ...

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...

Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges ...

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with ...

The 2026 Chevy Trailblazer is now no longer available with a specific appearance package. Check out all the details on this ...

Malware is back on the OpenVSX and Microsoft Visual Studio marketplaces, researchers are warning. In mid-September this year, ...

A 1965 Ford Mustang claiming to be a fastback fitted with the desirable A-code engine hopes it has what it takes to convince ...