Jeff Burt

Malicious VS Code Extensions Take Screenshots, Steal Info

December 10, 2025 | AI coding assistant, CI/CD, crates.io security, github, infostealer, Koi Security, Lightshot, malicious extensions, npm registry, VS Code

Developers were the targets of two new malicious Microsoft Visual Studio Code (VS Code) extensions created by a threat actor that security researchers believe is experimenting with methods for delivering information-stealing malware ...

Crates.io Removes Malicious Rust Package Targeting Web3 Developers

December 5, 2025 | cryptocurrency, Cybersecurity, Ethereum Virtual Machine, Rust programming, supply chain attack

A malicious Rust package that was found to be downloading payloads aimed at stealing cryptocurrency was removed from the crates.io Rust package registry, along with another package by the same author that ...

Massive VS Code Secrets Leak Puts Focus on Extensions, AI: Wiz

October 15, 2025 | exposed secrets, extensions leak, Microsoft Visual Studio, OpenVSX, VS Code, Wiz

Researchers with cybersecurity firm Wiz earlier this year discovered, almost by chance, a significant supply chain risk and massive secrets leak in the Visual Studio Code and OpenVSX marketplaces that they said ...

WhiteCobra Targets Developers with Dozens of Malicious Extensions

September 15, 2025 | cryptocurrency, LummaStealer, malicious extensions, malware, Open VSX, VSCode, WhiteCobra

A threat group is dropping two dozen malicious extensions into the VSCode and Open VSX marketplaces, targeting developers using the VSCode, Cursor, and Windsurf source code editing tools with the goal of ...

Malicious Nx Packages Used in Two Waves of Supply Chain Attack

August 29, 2025 | github, npm registry, supply chain attacks

The Nx build system was hit by a supply chain attack dubbed “s1ngularity,” leaking thousands of secrets and exploiting AI tools for data theft ...

AI-Generated Code Packages Can Lead to ‘Slopsquatting’ Threat

April 18, 2025 | AI code generation, AI hallucinations, Large Language Models, slopsquatting, software supply chain risks

AI hallucinations – the occasional tendency of large language models to respond to prompts with incorrect, inaccurate or made-up answers – have been an ongoing concern as the enterprise adoption of generative ...

AI-based, software development, ai, code generation, repositories, GitHub, Arm, extension, GitHub, Copilot, Git, bloat, malicious, GitLab, memory-safe, CISA, agency, Skillsoft GitHub GitKraken code QA

GitHub Brings Together Security, Developers to Fix Code Flaws

April 11, 2025 | ai, CI/CD, code vulnerabilities, GitHub Copilot

GitHub is linking developers with security pros to reduce the number of vulnerabilities that may be hiding in code that already is in workflows. The highly popular Microsoft-owned code repository this week ...

GitHub Action Compromise Risks Data Leaks for 23,000 Repositories

March 17, 2025 | GitHub Actions, leaked secrets, Python, software supply chain attacks

The attacker introduced malicious Python code that would expose secrets like authentication credentials in public repositories ...

Bad Actor Targets Linux, macOS Developers with Typosquatted Go Packages

March 7, 2025 | Cybersecurity, Go, software supply chain risks, typosquatting

The attacker published at least seven malicious packages on the Go Module Mirror that, if installed, will deliver a backdoor ...

scam, developers, freelance, developer, experience, DevEx, development ruby on rails, speed to market, developer happiness, low-code citizen developers development

North Korean Bad Actor’s Fake Job Offer Scam Targets Developers

February 25, 2025 | fake job, freelance developers, North Korea

Freelance developers around the world are being targeted by North Korean bad actors posing as job recruiters who as part of the fake application process entice them to run software jobs that ...