Chrome's AI Extensions Flagged for Data Harvesting in 2026—With Surprising Names

New research by Incogni reveals that over half of AI-branded Google Chrome extensions are harvesting user data.

GlassWorm Malware Hits macOS Through Trusted Open VSX Extensions

Cybersecurity researchers from Socket’s Threat Research team have identified a developer-compromise supply chain attack ...
GitHub

Cloudsmith Visual Studio Code Extension

To install the extension, open the Extensions view, search for cloudsmith to filter results and select the Cloudsmith extension authorised by Cloudsmith. Entitlement tokens are not supported. Personal ...

Beware - over 840,000 malicious browser extensions uncovered

These need to be uninstalled manually ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...
GitHub

vscode extension does not handle multiple workspace folders

What issue are you seeing? The vscode extension handles wrongly the situation where the workspace has multiple folders. It presents only one folder in writable_roots given to codex, apparently the ...