GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
GitHub

VSCode Extension Example - using the 'dummymsg_async' library

A tiny in-memory async messaging library, paired with a VS Code extension that detects common misuse at edit time. This project exists as a demo: the library is intentionally useless so the focus ...
GitHub

Built-in GitHub extension is failing to start

When I open my local copy of my tracking repo of the microsoft/vscode repo I get this message in the Extension Host output channel: 2026-03-05 16:37:29.200 [info ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
WinBuzzer

GitHub: Glassworm Hides Malware in Invisible Unicode Across 151+ Repos

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
How-To Geek on MSN

This IDE actually made me a better programmer

One IDE to rule them all. You won't want to use anything else.
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish ...