Dark Reading

'Ransomvibing' Infests Visual Studio Extension Market

A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.
InfoWorld

How GlassWorm wormed its way back into developers’ code — and what it says about open source security

Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...
Visual Studio Magazine

Custom Agents Lead Microsoft AI Roadmap for Visual Studio

Microsoft's November Visual Studio roadmap outlines in-progress work on multi-agent support, enhanced chat and planning, MCP ...
CSO Online

New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations

Microsoft uncovers a months-long campaign where threat actors used OpenAI’s legitimate API as a covert command-and-control ...
Cryptopolitan on MSN

Malicious VS Code extensions resurface, stealing GitHub credentials and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...