Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
FedScoop

Federal officials tap open-source standard to improve GenAI access to public data

As more and more Americans turn to generative AI tools to answer their questions, federal officials are working to ensure that third-party chatbots can more easily rely on public data to inform ...
SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...
InfoQ

GitHub Agentic Workflows Unleash AI-Driven Repository Automation

Recently launched in technical preview, GitHub Agentic Workflows introduce a way to automate complex, repetitive repository ...

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
InfoWorld

JetBrains introduces Java to Kotlin converter for Visual Studio Code

Extension that converts individual Java files to Kotlin code aims to ease the transition to Kotlin for Java developers.
Infosecurity Magazine

Flaws in Popular Software Development App Extensions Allow Data Exfiltration

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain ...