The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
Visual Studio Magazine

What a Difference a VS Code Fork Makes: Antigravity, Cursor and Windsurf Compared

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...
CSO Online

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...
Techzine Europe

Misuse of VS Code tasks poses risk to developers

Security researchers are increasingly citing Visual Studio Code as part of supply chain attacks on developers. Researchers at Jamf recently identified ...

アナログ時計の色でIMEのON/OFFを通知できる「IME Indicator Clock」v1.0.0 ...

ソフトウェア ・「IME Indicator Clock」v1.0.0(26/01/21) デスクトップに半透明表示したアナログ時計の色でIMEのON/OFFを通知できるツール ・「escrcpy」v2.3.0(26/01/22) Androidデバイスの画面をPCから表示・操作できる「scrcpy」をGUIで操作できるツール ・「Control ...

Yottaa Launches Industry-First MCP Server Purpose-Built for eCommerce Performance Intelligence

First Capability Enables Real-Time Web Performance Insights via AI ClientsWALTHAM, Mass.--(BUSINESS WIRE)--Yottaa, the ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
destinationCRM.com

Yottaa Launches MCP Server for E-Commerce Performance Intelligence

Yottaa, providers of a cloud platform for e-commerce, has launched a Model Context Protocol (MCP) server to offer artificial intelligence-native access to web performance data for developers, ...
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses ...

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
gihyo.jp

AIとの 会話に インタラクティブな UIを 埋め込む 「MCP Apps ...

MCPプロジェクトは2026年1月26日、MCPツールを使ったAIとの会話内でインタラクティブなUIコンポーネントを返すことができる 「MCP Apps」 をMCP公式の拡張機能として公開した。

e-Govの公文書をD&Dで表示・PDF化できる「e-Gov公文書ビューアー」v1.0.0 ...

ソフトウェア ・「e-Gov公文書ビューアー」v1.0.0 e-GovのZIP圧縮されたXML形式の公文書をドラッグ&ドロップで表示・PDF化できるツール ・「Thunderbird」v140.7.1esr(26/01/27) ...