InfoWorld

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
XDA Developers on MSN

Google kept featuring this Chrome extension for months after it turned malicious

How can an extension change hands with no oversight?
GitHub

Built-in extension vscode.github is crashing on activation

at file:///c:/Users/JohnM/AppData/Local/Programs/Microsoft%20VS%20Code%20Insiders/11246017b6/resources/app/extensions/github/dist/extension.js:1:383 at file:///c ...
GitHub

Built-in GitHub extension is failing to start

When I open my local copy of my tracking repo of the microsoft/vscode repo I get this message in the Extension Host output channel: 2026-03-05 16:37:29.200 [info] ExtensionService#_doActivateExtension ...