Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 Sonatype Reports Surge in Open Source Malware in Early 2025

According to Foresight News, Sonatype, a company specializing in end-to-end software supply chain security, has released its Open Source Malware Index for the first quarter of 2025. The report highlights significant activities, including nearly ten incidents of npm crypto package hijackings, counterfeit VS Code Truffle packages, and malware targeting Solana developers.

The findings indicate that cryptocurrency mining software accounted for 7% of the malware detected in this period, doubling from 3.5% in the fourth quarter of 2024. This increase underscores the growing threat posed by malicious software in the open-source ecosystem.


#Sonatype #OpenSourceMalware #npm #crypto #malware #softwareSecurity #cryptocurrency #Solana #VSCode #Truffle #maliciousSoftware #softwareSupplyChain #SOL
🚀 Suspicious VSCode Plugin Raises Security Concerns Among Developers

According to PANews, a suspicious VSCode plugin named JuanFranBlanco.solidit-vscode has been identified, raising concerns within the developer community. The plugin was highlighted by 23pds, Chief Information Security Officer of SlowMist Technology, who reposted a post by X user @mrdotparasyte. Its download count appears to have been inflated through questionable means, and its details are dubious, with a noticeable spelling error in the identifier 'solidit.'

The plugin has been available for two to three days, but it remains unclear how many developers have inadvertently downloaded it. This incident underscores the growing prevalence of supply chain attacks targeting developers, particularly through VSCode plugins that have not undergone official review and npm packages, which have become hotspots for such threats.

Developers are advised to exercise caution and thoroughly evaluate third-party plugins or packages before installation to mitigate potential security risks.


#VSCode #plugin #security #developers #supplychainattacks #caution #npm #threats #JuanFranBlanco #solidit
🚀 GitHub Introduces Agent HQ and Expands Copilot Subscription Features

According to PANews, GitHub has announced the launch of Agent HQ, a platform designed to coordinate multiple agents across GitHub, VS Code, CLI, and mobile devices. The company plans to integrate coding agents from Anthropic, OpenAI, Google, Cognition, and xAI into its paid Copilot subscription service. GitHub has also introduced several new features, including Mission Control, VS Code's 'Plan Mode,' AGENTS.md for custom agent configuration, GitHub MCP Registry, and a public preview of Code Quality for enterprises. Additionally, Copilot Pro+ users will have the opportunity to test OpenAI Codex in VS Code Insiders this week. These developments aim to enhance governance, access, and auditing capabilities through Copilot metrics dashboards and AI control panels.

#GitHub #AgentHQ #Copilot #AI #VSCode #OpenAI #Anthropic #Google #xAI #Cognition #CodeQuality #MissionControl #MCPRegistry #Codex #CopilotPro
🚀 OpenAI Launches GPT-5.3-Codex with Enhanced Cybersecurity Features

OpenAI CEO Sam Altman announced the launch of GPT-5.3-Codex, now available on platforms such as Cursor, GitHub, and VS Code. According to Jin10, this model is OpenAI's first to be set at a high level for cybersecurity, which caused a slight delay in its release. The company aims to make this model accessible to all API customers soon.

#OpenAI #GPT5.3Codex #Cybersecurity #SamAltman #Cursor #Github #VSCode #API