The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
Analytics Insight

Fake Recruiters Linked to North Korea Hit 3,100 IPs in Global Cyber Campaign

North Korean-linked hackers have targeted more than 3,100 IP addresses tied to AI, crypto, and finance firms through fake job interviews. The campaign used frau ...
Visual Studio Magazine

What a Difference a VS Code Fork Makes: Antigravity, Cursor and Windsurf Compared

VS Code forks like Cursor, Windsurf, and Google Antigravity may share a common foundation, but hands-on testing shows they ...
CSO Online

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...
Techzine Europe

Misuse of VS Code tasks poses risk to developers

Security researchers are increasingly citing Visual Studio Code as part of supply chain attacks on developers. Researchers at Jamf recently identified ...
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses ...

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
gihyo.jp

AIとの 会話に インタラクティブな UIを 埋め込む 「MCP Apps ...

MCPプロジェクトは2026年1月26日、MCPツールを使ったAIとの会話内でインタラクティブなUIコンポーネントを返すことができる 「MCP Apps」 をMCP公式の拡張機能として公開した。

Yottaa Launches Industry-First MCP Server Purpose-Built for eCommerce Performance Intelligence

First Capability Enables Real-Time Web Performance Insights via AI ClientsWALTHAM, Mass.--(BUSINESS WIRE)--Yottaa, the ...
destinationCRM.com

Yottaa Launches MCP Server for E-Commerce Performance Intelligence

Yottaa, providers of a cloud platform for e-commerce, has launched a Model Context Protocol (MCP) server to offer artificial intelligence-native access to web performance data for developers, ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Enterprise Times

Yottaa launches MCP server purpose-built for eCommerce performance intelligence

Yottaa have announced the launch of its Model Context Protocol (MCP) server. Yotta says this makes it the first eCommerce-focused performance vendor to ...