Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Over 260,000 users installed fake AI Chrome extensions that used iframe injection to steal browser and Gmail data, exposing ...

Spark, a lightweight real-time coding model powered by Cerebras hardware and optimized for ultra-low latency performance.

The permissions behind your AI Chrome extensions deserve a closer look - they may be spying on you ...

Malware targets macOS developers via compromised VS Code extensions, stealing credentials and crypto data via blockchain-based C2..

The Copilot Studio extension for Visual Studio Code is now generally available, allowing agents to be developed and managed directly from the editor. The extension enables software-style workflows for ...

Permissions for agentic systems are a mess of vendor-specific toggles. We need something like a ‘Creative Commons’ for agent ...

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.

Two VSCode extensions exfiltrated sensitive user data to Chinese servers ChatGPT – 中文版 and ChatMoss had over 1.5 million installs combined Extensions used hidden iframes, commands, and SDKs to steal ...