GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

GitHub Copilot shifts to usage-based pricing June 1 - why that's no surprise

Under the new approach, if you run out of credits, you can't use the service. GitHub plans to preview the new billing in ...
Visual Studio Magazine

Devs Sound Off on Usage-Based Copilot Pricing Change: 'You Will Get Less, but Pay the Same Price'

GitHub Copilot is moving to usage-based billing on June 1, 2026, prompting user concerns about predictability, model access, monthly credit limits and whether unchanged plan prices will translate into ...
The Hacker News

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Tropic Trooper used trojanized SumatraPDF and GitHub C2 in 2024 to deploy AdaptixC2, enabling covert VS Code tunnel access.
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...