The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.

Python not working in Visual Studio Code Terminal

If Python is not working in Visual Studio Code Terminal, you receive Python is not recognized, or the script fails to execute ...
Dark Reading

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
How-To Geek on MSN

How I built the perfect programming platform in under 10 minutes

Building your perfect programming environment is easier than you think. Here's how to do it in minutes!
TechRadar

Linux users report Microsoft's Visual Studio Code Snap package isn't actually deleting files

VS Code Snap package bug on Linux keeps deleted files, clogging hard drives Snap creates separate local Trash folders per version, compounding storage issues No fix yet; users advised to install VS ...
CSOonline

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...
GitHub

Visual Studio Code STAC Validator

This extension automatically validates your STAC JSON files against their corresponding JSON schemas. When you open a STAC file (Item, Collection, or Catalog), the extension: Detects the STAC type and ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors continue to probe Visual Studio Code's extension ecosystem, and a late November incident shows how quickly a trusted developer tool can be turned into a supply chain beachhead. In a ...
NJ.com

N.J. counties open warming centers as Code Blue alerts take effect

Severe cold weather gripping New Jersey has prompted counties to issue Code Blue alerts and open warming centers for residents who need emergency shelter. County and municipal governments activate ...
Bleeping Computer

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and ...
The Denver Post

Ballpark architecture firm decamping to Santa Fe Drive

Getting your Trinity Audio player ready... When searching for a new office for his architecture firm, Blake Mourer insisted on finding something that was not move-in ready. “It was really less about ...
Dark Reading

150,000 Packages Flood NPM Registry in Token Farming Campaign

Amazon researchers discovered more than 150,000 malicious packages in the NPM registry, in what they called "a defining moment in supply chain security." The packages were part of a token farming ...