Open VSX rotates tokens used in supply-chain malware attack

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted ...

Fake Solidity VSCode extension on Open VSX backdoors developers

A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel ...

I love uBlock, but it’s not the first browser extension I install on my phone

Userscripts are no longer in vogue, but they're well worth using on your Android phone. Here's how I do it through Violentmonkey.
CSO Online

Typo hackers sneak cross-platform credential stealer into 10 npm packages

The typosquatted packages auto-execute on installation, fingerprint victims by IP, and deploy a PyInstaller binary to harvest ...