InfoWorld

Threat actors are spreading malicious extensions via VS marketplaces

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to anticipate these risks. However, he added, Microsoft’s marketplace has seen ...
MUO on MSN

VSCode is the perfect writing app and you can't convince me otherwise

I'm not much of a programmer, but I do all of my writing using a tool traditionally used for programming. I actually spent years using Microsoft Word, the tool I, like many others, grew up using for ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...
The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.
CSO Online

‘Zero Disco’ campaign hits legacy Cisco switches with fileless rootkit payloads

Researchers warn of fileless payloads, memory hooks, and a UDP-based C2 controller that complicate detection and remediation.
CSO Online

Lazarus group targets European drone makers in new espionage campaign

The latest phase of Operation Dreamjob is targeting European defense and UAV firms through fake job offers and trojanized ...