Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

OpenAI spills technical details about how its AI coding agent works

On Friday, OpenAI engineer Michael Bolin published a detailed technical breakdown of how the company’s Codex CLI coding agent ...

New ClickFix attacks abuse Windows App-V scripts to push malware

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...

Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
Road to VR

5 Lessons from Building ‘Bootstrap Island’: Best Practices for Creating Truly Immersive VR Worlds

Every game is the result of thousands of choices. Some of these choices are creative, some technical, and some concern the ...

Microsoft Launches winapp to Simplify Windows App Development

Microsoft’s new winapp CLI simplifies Windows app development with one-command setup, faster testing, and easier packaging.
GitHub

Language Server for Kotlin

The project is in an experimental, pre-alpha, exploratory phase with the intention to be productionized. We move fast, break things, and explore various aspects of the seamless developer experience ...
Visual Studio Magazine

Hands On: Testing Cursor, Windsurf and VS Code on Text-to-Website Generation

A hands-on comparison shows how Cursor, Windsurf, and Visual Studio Code approach text-to-website generation differently once ...
FinanceFeeds

North Korean Hackers Use Fake Job Interviews to Hits 3,100 IP Addresses Linked to Crypto and AI

North Korean hackers hit 3,136 IPs using fake job interviews to deploy malware via coding tests on LinkedIn, targeting crypto and AI firms.
Visual Studio Magazine

How to Use the 'Prompt Coach' AI Agent to Create Effective Prompts for Copilot

A recursive vibe journalism experiment in which Microsoft 365 Copilot's 'Prompt Coach' agent is used to wholly create an ...