Mini Shai-Hulud worm injects disk wiper into Microsoft Azure PyPI package

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
Decrypt

GitHub Confirms 3,800 Internal Repos Stolen Through Poisoned VS Code Extension

TeamPCP gained access to GitHub's private source code after an employee unknowingly installed a malicious coding tool.
The Next Web

GitHub confirms hackers stole thousands of internal code repositories after employee installed a poisoned VS Code extension

TeamPCP exfiltrated 3,800 internal GitHub repositories after poisoning a VS Code extension. No customer data was affected, the company says.
Visual Studio Magazine

VS Code 1.121 Adds Remote Agents, Boosts Claude Code Functionality Again

Visual Studio Code 1.121 focuses on agent workflows, model configuration, terminal behavior and built-in preview features -- and features another update to Claude Code functionality.
Hackaday

Adding Capabilities To Inexpensive Solar Modules

Solar power has gotten cheap enough that putting up panels is among the cheapest ways of providing energy. This isn’t just ...
keengamer.com

How to Get the Modification Station in Subnautica 2

The Modification Station is a base facility that operates entirely outside the standard Fabricator workflow. Players who hit the Tadpole’s crush depth limit or try to craft advanced vehicle modules ...
The Hacker News

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...