The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
CSOonline

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...
InfoWorld

Why ‘boring’ VS Code keeps winning

Every few months, the developer tool hype machine finds a new hero. In 2023, it was GitHub Copilot, the AI pair programmer that made autocomplete feel like magic. In 2024, the vibe shifted to Cursor ...
Business Wire

CodeRabbit’s “State of AI vs Human Code Generation” Report Finds That AI-Written Code Produces ~ 1.7x More Issues Than Human Code

SAN FRANCISCO--(BUSINESS WIRE)--CodeRabbit, the leading AI-powered code review platform, today released the “State of AI vs Human Code Generation”, a comprehensive new report analyzing the quality of ...
ZDNet

Fedora vs. Arch Linux: How to choose your next Linux distro (and which one I use)

Arch and Fedora are two different Linux distributions. One of these is better suited for those with less experience. Both are outstanding Linux distributions that can be used for free. The first Linux ...
Bleeping Computer

AI-Slop ransomware test sneaks on to VS Code marketplace

A malicious extension with basic ransomware capabilities seemingly created with the help of AI, has been published on Microsoft's official VS Code marketplace. Named susvsex and published by ...
Bleeping Computer

Self-spreading GlassWorm malware hits OpenVSX, VS Code registries

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated ...
NerdWallet

Metal Roof vs. Asphalt Shingles: Cost, Lifespan and Installation

Shingle roofs are generally less expensive and easier to install than metal roofs, but metal roofs are more durable and last much longer. Some or all of the mortgage lenders featured on our site are ...
The Verge

Microsoft favors Anthropic over OpenAI for Visual Studio Code

Visual Studio Code now has a new auto AI model selector that favors Claude 4 over GPT-5. Visual Studio Code now has a new auto AI model selector that favors Claude 4 over GPT-5. is a senior editor and ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Neowin

OpenAI Codex gets a major update, now also available as a VS Code extension

OpenAI has launched a new Codex extension for VS Code and its forks, allowing developers to use the AI coding agent directly within their IDE. Back in May, OpenAI announced Codex, a cloud-based ...