InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
WinBuzzer

Anthropic Unlocks 1M-Token Context Window for all Max, Team, and Enterprise Users

Anthropic has made its 1M-token context window generally available for Claude Opus 4.6 and Sonnet 4.6 at standard pricing, ...

Microsoft is working to eliminate PC gaming’s “compiling shaders” wait times

Microsoft first rolled out Advanced Shader Delivery in its SDK last September and added support to the ROG Xbox Ally as a ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
heise online

Windows Editor: Details on Markdown security vulnerability

In Windows' Editor, Microsoft closed a security vulnerability in Markdown processing with the Windows updates on Patchday. Attackers can inject malicious code through the leak. More detailed ...