A remote access trojan dubbed SleepyDuck, and disguised as the well-known Solidity extension in the Open VSX open-source registry, uses an Ethereum smart contract to establish a communication channel ...

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted ...

Researchers uncover SleepyDuck RAT hidden in VSX extension, using Ethereum contracts to control infected hosts.

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of ...

At its core, VS Code is built on an open source project called Code OSS, published under the permissive MIT license.

Ubuntu Summit The Register FOSS desk sat down with Canonical's vice-president for engineering, Jon Seager, during Ubuntu Summit earlier this month. This is a heavily condensed version of our ...

Supply-chain attacks have evolved considerably in the las two years going from dependency confusion or stolen SSL among ...

Docker Compose users are being strongly urged to upgrade their versions of the orchestration tool after a researcher ...

NanaZip is a fork of the popular software 7-Zip,which allows you to create, open, or modify archive files. It offers a modern ...

Open VSX fully contained the GlassWorm attacks and says it was not a self-replicating worm in the traditional sense. The GlassWorm campaign that infected VS Code extensions in the Open VSX marketplace ...

The Eclipse Foundation has resolved the security incident at Open VSX and is introducing new measures to protect developer accounts.