GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Vibe coding apps taught me how hard real coding is

Garbage in, garbage out” applies just as much to AI-assisted vibe coding as it does to old-fashioned software development, as I learned the hard way.
InfoWorld

I ran Qwen3.5 locally instead of Claude Code. Here’s what happened.

You can now run LLMs for software development on consumer-grade PCs. But we’re still a ways off from having Claude at home.
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
Visual Studio Magazine

Going Local (& a Bit Loco) with Open-Source AI in VS Code

This hands-on PoC shows how I got an open-source model running locally in Visual Studio Code, where the setup worked, where it broke down, and what to watch out for if you want to apply a local model ...