The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Stark Insider

Gemini 3.1 Pro: A Quick Spin With Google’s Latest AI in the IPE

Google today announced Gemini 3.1 Pro, the latest version of its frontier AI LLM (Large Language Model). If you’re an Antigravity IDE user you likely so the small popup ...
The Hacker News

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M ...
InfoWorld

Microsoft brings C++ smarts to GitHub Copilot in Visual Studio Code

Updates to GitHub Copilot in VS Code provide the same C++ symbol context and CMake build configuration awareness as Microsoft’s C/C++ DevTools and CMake Tools extensions.
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
PCMag

A Beloved Music Streaming App Is Back, Thanks to Claude Code

When Tomahawk shut down in 2016, it was powered by a team of six. A decade later, developer J Herskowitz has vibe-coded it ...

Phallon Tullis-Joyce says alleged racial abuse against Vinicius Jr. is ‘not OK’

Tullis-Joyce brought up her personal identity to explain her perspective and spoke about her campaign for diversity, equity and inclusion.