The Hacker News

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Researchers uncover SleepyDuck RAT hidden in VSX extension, using Ethereum contracts to control infected hosts.
CSO Online

Modern supply-chain attacks and their real-world impact

Supply-chain attacks have evolved considerably in the las two years going from dependency confusion or stolen SSL among ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.
InfoWorld

Visual Studio October update adds Claude coding models

October 2025 update makes the Claude Sonnet 4.5 and Claude Haiku 4.5 coding models available for use in the GitHub Copilot ...

Hitachi Vantara Unveils Hitachi iQ Studio to Simplify and Accelerate Agentic AI Development

Hitachi Vantara, the data storage, infrastructure and hybrid cloud management subsidiary of Hitachi Ltd. (TSE: 6501), today announced Hitachi iQ Studio, the latest addition to the Hitachi iQ portfolio ...
SecurityWeek

Open VSX Downplays Impact From GlassWorm Campaign

Open VSX fully contained the GlassWorm attacks and says it was not a self-replicating worm in the traditional sense. The GlassWorm campaign that infected VS Code extensions in the Open VSX marketplace ...

Fake Solidity VSCode extension on Open VSX backdoors developers

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel ...
Neowin

KeePass Password Safe 2.60

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is ...