GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Manufact raises $6.3M as MCP becomes the ‘USB-C for AI’ powering ChatGPT and Claude apps

Manufact, a Y Combinator startup, raised $6.3 million to build open-source tools and cloud infrastructure for the Model Context Protocol (MCP), the fast-growing standard backed by Anthropic and OpenAI ...
XDA Developers on MSN

I replaced VS Code with this open-source editor and it's faster, lighter, and runs all my extensions

You also get to escape Microsoft telemetry tracking too.
Visual Studio Magazine

Hands On: Building an MCP Server with VS Code AI Toolkit's New Tool Catalog

Microsoft's AI Toolkit extension for VS Code now lets developers scaffold a working MCP server in minutes. Here's what that looks like in practice -- including the parts that don't work, and a simpler ...
Security Boulevard

The Developer’s Practical Guide to Passwordless Authentication in 2026

Why Passwords Are Still a Developer's Problem in 2026. The case against password-based authentication is well-established in the IAM community, but the practical implications for ...
XDA Developers on MSN

This self-hosted tool makes my local LLMs feel exactly like ChatGPT, but nothing leaves my network

It's perfect for privacy-conscious folks looking to break away from ChatGPT ...
techtimes

Claude Code vs ChatGPT Codex: Which AI Coding Agent is Actually the Best in 2026

AI coding agents are reshaping how developers write, debug, and maintain software in 2026. The debate around Claude Code vs ChatGPT Codex highlights two distinct philosophies: local-first reasoning ...
CSOonline

Flaws in four popular VS Code extensions left 128 million installs open to attack

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, ...
The Verge

GitHub adds Claude and Codex AI coding agents

Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. is a senior editor and author of Notepad, ...