CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

Socket has notified the Eclipse Foundation, which oversees the Open VSX marketplace, of the latest fraudulent additions, and Burckhardt expects that by now all 73 have been deleted.
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Le Lézard

Constructive Open Sources Agentic DB, the Postgres Memory Layer for AI Agents

Constructive, the company behind open-source Postgres and JavaScript infrastructure with over 100 million open-source ...
InfoQ

npmx Reaches Alpha: Community Driven Alternative Browser for the npm Registry

Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Hosted on MSN

Coding project ideas to boost your portfolio

In 2026, coding projects are more than practice—they’re proof of your skills. From beginner-friendly builds to advanced AI systems, hands-on work shows employers you can create real solutions.