InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Windows shortcut files targeted by ransomware gang Global Group

When Microsoft patched a vulnerability last summer that allowed threat actors to use Windows’ shortcut (.lnk) files in ...

OpenClaw’s AI ‘skill’ extensions are a security nightmare

Security researchers found hundreds of malicious add-ons on ClawHub.
GitHub

File identification library for Rust.

Given a file (or some information about a file), return a set of standardized tags identifying what the file is. This is a Rust port of the Python identify library. What is the type: file, symlink, ...
GitHub

patangation/roblox-script-exporter

A powerful Lua script that exports all scripts from Roblox place files (.rbxl) into organized directory structures, making it easy to version control, review, and manage your Roblox game code.
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor ...
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an ...