GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
Visual Studio Magazine

Going Local (& a Bit Loco) with Open-Source AI in VS Code

This hands-on PoC shows how I got an open-source model running locally in Visual Studio Code, where the setup worked, where it broke down, and what to watch out for if you want to apply a local model ...
Visual Studio Magazine

Microsoft Launches Azure Skills Plugin to Give AI Coding Agents Real Azure Expertise

Microsoft's new Azure Skills Plugin bundles curated Azure skills, the Azure MCP Server, and the Foundry MCP Server into a single install that gives AI coding agents both the expertise and execution ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Installing Web Apps in Chrome May Soon Take More Than One Click

Chrome is testing a new multi-view install dialog for web apps that could guide users through several setup screens before installation.
WinBuzzer

Fake Claude Code Pages Spread Malware to Developers via Google Ads

A malvertising campaign has spread fake Claude Code install pages through Google Ads, delivering the Amatera infostealer to ...
The New York Times

Art and Design

The National Endowment for the Humanities seldom gave seven-figure grants. Now big awards flow to handpicked projects, including an institution with three full-time employees. By Zachary SmallJennifer ...