GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
IEEE

Python Source Code Vulnerability Detection Based on CodeBERT Language Model

Abstract: Programming language source code vulnerability mining is crucial to improving the security of software systems, but current research is mostly focused on the C language field, with little ...
IEEE

Evaluating Python Static Code Analysis Tools Using FAIR Principles

Abstract: The quality of modern software relies heavily on the effective use of static code analysis tools. To improve their usefulness, these tools should be evaluated using a framework that ...
GitHub

Pono: A Flexible and Extensible SMT-Based Model Checker

Makai Mann, Ahmed Irfan, Florian Lonsing, Yahan Yang, Hongce Zhang, Kristopher Brown, Aarti Gupta, Clark W. Barrett: Pono: A Flexible and Extensible SMT-Based Model Checker. CAV 2021. Evaluated ...
Visual Studio Magazine

VS Code 1.109 Deemed a Multi-Agent Development Platform

Visual Studio Code 1.109 introduces structured, multi-agent workflows that move AI assistance beyond single-chat interactions. Parallel subagents enable concurrent task execution without consuming the ...
SecurityWeek

VS Code Configs Expose GitHub Codespaces to Attacks

VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request. The automatic execution of VS Code-integrated configuration files when ...
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

A Hacker News commenter identifying as a VS Code team member said Workspace Trust is the intended security protection against repo-based attacks. The commenter acknowledged user experience issues and ...