Unite.AI

OpenAI Adds Plugin Marketplace to Codex

OpenAI has launched a plugin system for Codex, its AI coding agent, adding a curated directory of integrations that connect the tool to workplace apps including Slack, Notion, Figma, Gmail, and Google ...
InfoWorld

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Glassworm Malware Campaign Uses Invisible Code To Infect Hundreds Of GitHub Repos

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
CSO Online

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace checks and silently installing malware onto developers’ systems.
GitHub

Multi‐Project Testing in VS Code

The Python extension now supports multi-project workspaces, where each Python project within a workspace gets its own test tree and Python environment. This document explains how multi-project testing ...
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...
winbuzzer.com

Malicious VS Code Extensions Steal Code from 1.5M Developers

Security researchers revealed two malicious VS Code extensions exfiltrated code snippets, API keys, and proprietary algorithms from 1.5 million developers to servers in China while masquerading as AI ...
Visual Studio Magazine

Buzz About VS Code Extension for Codebase Visualization

A new VS Code extension called Nogic visualizes codebases as interactive graphs and drew strong interest on Hacker News. Commenters praised the concept for understanding large or unfamiliar codebases, ...