Error in Docker Model Runner allows sandbox escape on macOS

If attackers successfully exploit a security vulnerability in Docker on macOS, they can break out of the sandbox and execute ...
XDA Developers on MSN

VS Code is the best productivity app on my PC, and I barely use it for coding anymore

The best code editor might actually be your best everything editor.

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
XDA Developers on MSN

A poisoned VS Code extension led to a GitHub breach, and Microsoft owns every link in the chain

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

コーディングAIによるカンニングを防いでより正確なプログラミング性能が測定可能なベンチマーク「DeepSWE」

近年はソフトウェア開発にコーディングAIを使用する開発者が一般的になっており、コーディングAIの性能を測るさまざまなベンチマークが存在します。そんなコーディングAI向けベンチマークの欠点を改善したという新たなベンチマーク「DeepSWE」が登場しました。