The Hacker News

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.

We tried 3 of the biggest vibe-coding platforms. Here's what we thought about how they stack up.

We three writers have been handed a gift with seemingly infinite potential. A sparkling promise, from vibe coding startups, that we can build anything without understanding a word of code. Gone are ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...