Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.
GitHub

IDE fails to resolve correct class when duplicate classes exist across multiple JARs (shaded vs non-shaded)

In the shaded JAR (hadoop-client-api.jar), AuthenticationHandler references HttpServletRequest from a relocated (shaded) servlet package. In hadoop-auth.jar, the same class references ...
GitHub

Feature Request: Support incremental/partial build behavior similar to Eclipse and IntelliJ

The current build behavior in VS Code Java (via the Extension Pack for Java) rebuilds the entire workspace whenever projects are opened or source files change. This leads to long build times and high ...
Dark Reading

GlassWorm Returns, Slices Back into VS Code Extensions

GlassWorm, a self-propagating malware targeting Visual Studio Code (VS Code) extensions on the Open VSX marketplace, have apparently continued despite statements that the threat had been contained.