latesthackingnews.comOpinion

Amazon Q’s MCP Flaw Is an Industry Warning: AI Tools Still Lack Workspace Trust Standards

CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
InfoWorld

Visual Studio Code locks down untrusted code

Workspace Trust feature in VS Code 1.26 lets users configure whether code in a project folder can be executed by VS Code ...
makeuseof

The 6 VS Code extensions I wish I'd installed years ago

Tashreef's fascination with consumer technology began in the school library when he stumbled upon a tech magazine, CHIP, which ultimately inspired him to pursue a degree in Computer Science. Since ...

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
Visual Studio Magazine

VS Code Keeps Eye on Costs in v1.126 Update

Visual Studio Code 1.126 adds session-level Copilot cost information, continuing Microsoft's recent focus on helping developers monitor and manage usage-based GitHub Copilot billing.
Visual Studio Magazine

Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem

Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.
The Tech Edvocate

How to run PowerShell script

Essential Tips to Run PowerShell Scripts Like a Pro PowerShell has evolved into a powerful scripting language that’s essential for system administrators and IT professionals alike. Whether you’re ...
CSOonline

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. mbt@1.2.48 @cap-js/db-service@2.10.1 @cap ...
InfoWorld

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party marketplace is not yet open. OpenAI has introduced a plugin system for ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...