Awareness for Web Security: The OWASP Top Ten 2025

The first release candidate of the new OWASP Top Ten reveals the biggest security risks in web development – from ...
Dark Reading

GlassWorm Returns, Slices Back into VS Code Extensions

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.
Computerworld

AI browsers can be abused by malicious AI sidebar extensions: Report

AI browsers may be smart, but they’re not smart enough to block a common threat: Malicious extensions. That’s the conclusion of researchers at SquareX, who on Thursday released a report showing how ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...
Dark Reading

Self-Propagating GlassWorm Attacks VS Code Supply Chain

A self-propagating worm is targeting Visual Studio Code (VS Code) extensions in a complex supply chain attack that has infected 35,800 developer machines so far with techniques the likes of which ...
CSOonline

TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

The coordinated campaign abuses Visual Studio Code and OpenVSX extensions to steal code, mine cryptocurrency, and maintain remote control, all while posing as legitimate developer tools. In a new ...
The Hacker News

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical ...
Visual Studio Magazine

VS Code SQL Extension Previews Microsoft Fabric Connectivity

Microsoft updated its free MSSQL extension for Visual Studio Code with new Fabric connectivity and provisioning features in public preview, alongside GitHub Copilot slash commands and multiple ...
techworm.net

Malicious VS Code Extensions Exploit Marketplace Loophole

Cybersecurity researchers have uncovered a loophole in Microsoft’s Visual Studio Code (VS Code) Marketplace that enables attackers to reuse deleted extension names, potentially allowing malware to ...
PC World

How to view the HTML code of emails in the new Outlook app

In previous versions of Microsoft Outlook (the classic app), you could view the HTML code of an email by opening the email, right-clicking on it, and selecting “View source” from the context menu.
TechSpot

Chrome and Edge browser extensions secretly hijacked, spied on millions of users

WTF?! Several browser extensions with a combined total of more than 2.3 million downloads were reportedly hijacking browsing sessions and tracking user activity. Many of these malicious add-ons ...