Microsoft just made it possible to use VS Code completely offline with local AI

Coding in restricted environments just got easier. VS Code 1.122 brings air-gapped AI support and powerful new tools to test ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...
Martin Cid Magazine

GlassWorm hid invisible code in VS Code extensions for a year before its takedown

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...
Cybernews

CrowdStrike, Google smash Glassworm developer botnet

CrowdStrike, Google and the Shadowserver Foundation have disrupted the Glassworm botnet, a sophisticated malware campaign that infected Github repos, npm packages and VS code extensions to steal ...
Developer Tech

NVIDIA CUDA 13.3 bridges the Python and C++ divide for AI teams

NVIDIA’s CUDA 13.3 targets the divisions between Python and C++ engineers inside enterprise software teams building AI applications. Python teams often build fast prototypes, while C++ engineers spend ...
XDA Developers on MSN

A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.
PC Tech Magazine

Strativerse.Ai Expands Access to AI-Driven Trading Strategy Creation

Strativerse.ai has expanded access to its AI-driven trading strategy creation platform, reinforcing its position within a ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
financefeeds

How to Code Crypto Projects With Python and Solidity

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...