Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
GitHub

TheOne Studio - Claude Code Training Skills

Train Claude Code to write production-ready code following TheOne Studio best practices for each development team. These skills enforce code quality, architecture patterns, and framework-specific ...
Infosecurity-magazine.com

Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a single malicious spreadsheet formula. The issue was uncovered by Cyera ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...
Dark Reading

DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign by North Korean actors is abusing a legitimate feature of Microsoft Visual Studio (VS) Code to gain full remote control of targeted systems. In the campaign, discovered by ...
Bleeping Computer

Cisco fixes Unified Communications RCE zero day exploited in attacks

Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively exploited as a zero-day in attacks. Tracked ...