The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.
The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
Wired

A New Tool Wants to Save Open Source From Supply Chain Attacks

Russia's historically destructive NotPetya malware attack and its more recent SolarWinds cyberespionage campaign have something in common besides the Kremlin: They're both real-world examples of ...
Dark Reading

How to Lock Down the No-Code Supply Chain Attack Surface

Modern enterprise software development increasingly relies on a vast and complex supply chain of third-party components, integrations, and frameworks. No-code development platforms are no exception, ...