SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
The Hacker News

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15 ...

Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity.
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
Techzine Europe

Misuse of VS Code tasks poses risk to developers

Security researchers are increasingly citing Visual Studio Code as part of supply chain attacks on developers. Researchers at Jamf recently identified ...
腾讯网

朝鲜黑客武器化VS Code,借微软合法设施渗透韩国政企网络

与朝鲜有关的网络间谍组织正在将全球开发者广泛使用的工具——Visual Studio ...
腾讯网

恶意VS Code AI扩展被安装150万次,窃取开发者源代码

网络安全研究人员发现了两个恶意的Microsoft Visual Studio Code (VS Code) 扩展程序,这些扩展被宣传为人工智能驱动的编程助手,但实际上具有隐蔽功能,会将开发者数据窃取到位于中国的服务器。

吴说每日精选加密新闻 - QCP:日本利率与关税风险升温,市场转向避险

QCP 分析指出,受日本国债收益率重新定价及欧美关税摩擦再起影响,全球市场迅速转向避险。日本利率上行被视为潜在的全球波动触发器,而贸易紧张局势可能进一步压制风险偏好。在此背景下,比特币未能发挥避险属性,更像高 beta 宏观资产,对利率、地缘政治和跨资产波动高度敏感;在政策信号更明确前,加密市场或仍以被动跟随为主。