Fake Solidity VSCode extension on Open VSX backdoors developers

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source ...

I customize Windows 11 in seconds with vibe-coded AI scripts. Here’s how

You can now take advantage of this classic Windows scripting tool even if you have zero programming experience.
CSO Online

Threat actors are spreading malicious extensions via VS marketplaces

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...
Bleeping Computer

Malicious crypto-stealing VSCode extensions resurface on OpenVSX

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...
GitHub

m4zesec/vscode-rainbow-brackets

Java, Scala, Clojure, Kotlin, Python, Haskell, Agda, Rust, JavaScript, TypeScript, Erlang, Go, Groovy, Ruby, Elixir, ObjectiveC, PHP, HTML, XML, SQL, Apex language ...
GitHub

"Debug Stopped" no matter "Start Debugging" or "Run Without Debugging"

after investigating, found output from python extension: 2025-10-10 11:55:58.227 [warning] Failed to check if .\"c:\Program Files\Python314\python.exe" is an executable [Error: ENOENT: no such file or ...
The Hacker News

Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code ...
Hosted on MSN

Cookie Run Kingdom Codes (October 2025)

Cookie Run: Kingdom developers often release codes that you can use to claim free rewards such as Crystals, Jellies, EXP, Cubes, items, and more. These codes are usually handed out during special ...