Visual Studio Magazine

VS Code Expands AI Flexibility with Bring Your Own Key

Microsoft expanded model choice in VS Code with Bring Your Own Key (BYOK), enabling developers to connect models from any provider and manage them through a new extensible API.
The Hacker News

Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive

Researchers uncover SleepyDuck RAT hidden in VSX extension, using Ethereum contracts to control infected hosts.
Visual Studio Magazine

GitHub Introduces Agent HQ to Orchestrate 'Any Agent Any Way You Work'

GitHub unveiled Agent HQ at its Universe 2025 event, a new platform that lets developers orchestrate multiple AI agents ...

GitHub Opens Up to Multiple Third Party Agents

On the opening day of GitHub Universe 2025, GitHub announced Agent HQ, its vision for the future of the platform.
SecurityWeek

Open VSX Downplays Impact From GlassWorm Campaign

Open VSX fully contained the GlassWorm attacks and says it was not a self-replicating worm in the traditional sense. The GlassWorm campaign that infected VS Code extensions in the Open VSX marketplace ...

Open VSX rotates tokens used in supply-chain malware attack

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted ...
CSO Online

Cyber agencies produce ‘long overdue’ best practices for securing Microsoft Exchange Server

Best practices include a focus on hardening user authentication and access, ensuring strong network encryption, and minimizing application attack surfaces.