The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.

WinRAR path traversal flaw still exploited by numerous hackers

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity ...

Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.
GitHub

File identification library for Rust.

Given a file (or some information about a file), return a set of standardized tags identifying what the file is. This is a Rust port of the Python identify library. What is the type: file, symlink, ...
GitHub

Tasmota Extensions

Official repository for Tasmota extensions as .tapp files. Extensions provide an extensible way to load and unload features dynamically on ESP32 variants without rebooting. Extensions are ...