GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

DEV.co Expands JavaScript Development Services with “Vibe-Based” AI-Assisted Engineering Model

New AI-assisted development approach reduces costs and accelerates delivery timelines for modern JavaScript applicationsSeattle-Tacoma, WA, ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Visual Studio Magazine

Microsoft Launches Azure Skills Plugin to Give AI Coding Agents Real Azure Expertise

Microsoft's new Azure Skills Plugin bundles curated Azure skills, the Azure MCP Server, and the Foundry MCP Server into a single install that gives AI coding agents both the expertise and execution ...
Visual Studio Magazine

Hands On with VS Code 1.111 Autopilot (Preview) for AI Prompts

VS Code 1.111 Autopilot is not just a no-prompts mode. In testing, it handled a blocking question that still stopped Bypass.
InfoWorld

First look: Electrobun for TypeScript-powered desktop apps

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in ...
InfoQ

Webpack Publishes 2026 Roadmap with Native CSS Support, Universal Target, and Path to Version 6

Webpack's 2026 roadmap, led by Even Stensberg, unveils substantial enhancements aimed at modernizing the bundler. Key ...