CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
Visual Studio Magazine

Microsoft Extends Copilot AI Tech to Xcode, JetBrains IDEs and Eclipse

Microsoft expanded GitHub Copilot’s AI functionality to Apple’s Xcode, JetBrains IDEs, and the open-source Eclipse project, ...
Visual Studio Magazine

GitHub Introduces Agent HQ to Orchestrate 'Any Agent Any Way You Work'

GitHub unveiled Agent HQ at its Universe 2025 event, a new platform that lets developers orchestrate multiple AI agents ...
The Hacker News

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

GlassWorm spread via 14 VS Code extensions; Solana + Google Calendar C2; stole credentials, drained 49 wallets.
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...
CSO Online

Threat actors are spreading malicious extensions via VS marketplaces

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...
InfoWorld

Visual Studio Code taps AI for merge conflict resolution

VS Code 1.105 also introduces a built-in MCP server marketplace and allows users to resume recent Copilot Chat sessions.
MUO on MSN

I don’t use the Microsoft Store or websites to install Windows apps anymore

I f you’re like me, installing apps on Windows used to be a mix of hunting down websites, dodging unnecessary toolbars, and clicking through endless setup wizards. Sure, the Microsoft Store simplifies ...