Blog Posts | Joshua Berkowitz

7 Articles

2025 × supply chain ×

Zed IDE Reinvents Developer Security with Worktree Trust Mechanism

Software supply chain attacks are on the rise, and developer environments are a prime target. Recognizing the risks, Zed is shifting the paradigm by introducing a worktree trust mechanism in its previ...

developer experience developer tools secure by default software security supply chain vulnerabilities worktree trust Zed IDE

Dec 19, 2025

0 1276

News

Malware Discovered Hiding in Popular Visual Studio Code Extensions: What Developers Need to Know

Developers face a new wave of cyber threats after researchers uncovered malware embedded in 19 Visual Studio Code (VS Code) extensions . Active since early 2025 and only recently identified, this camp...

cybersecurity developer security extensions malware npm packages ReversingLabs supply chain VS Code

Dec 12, 2025

0 946

News

AI-Invoking Malware: The Evolution of Cyber Threats

Security company Wiz is noting that cyber attackers are rapidly evolving and are now embedding artificial intelligence directly into malware payloads. This marks a significant departure from using AI ...

AI security cybersecurity LLM malware ransomware supply chain threat detection

Sep 27, 2025

0 2717

News

Shai-Hulud: The First Self-Propagating npm Supply Chain Worm

In September 2025, the JavaScript community experienced a watershed moment: the Shai-Hulud worm swept through npm, infecting over 100 popular packages. This attack was not just another instance of mal...

DevSecOps GitHub incident response JavaScript malware npm security supply chain

Sep 19, 2025

0 5324

News

Trivy, Unpacked: One Scanner For Containers, Code, And Clusters

Security tooling often splinters by surface area: one product for containers, another for code, another for Kubernetes. Trivy takes the opposite approach. It is a single, open-source scanner that unde...

container security CVE Kubernetes SBOM supply chain trivy

Aug 24, 2025

0 6325

Github Repos

Malicious Extensions Can Fake Verification in Popular IDEs

You may be installing what appears to be a "verified" extension in your trusted code editor only to discover it’s actually a cleverly disguised trojan horse. A recent study has spotlighted this alarmi...

cybersecurity developer tools extension security IDEs Microsoft software development supply chain Visual Studio Code

Aug 5, 2025

0 2453

News

NJ HAX Plasma Forge Is Accelerating Fusion Innovation Near Princeton

New Jersey is launching the NJ HAX Plasma Forge, a Strategic Innovation Center dedicated to advancing plasma technology and fusion energy. This initiative, based near Princeton , brings together world...

clean energy entrepreneurship fusion energy innovation center New Jersey plasma research public-private partnership supply chain

Jun 29, 2025

0 3377

News

Our latest content

Check out what's new !

See all

Ads

Prompt Maker Image Generator

Struggling with the perfect AI image prompt? My free app helps you generate brilliant ideas and instantly creates an image to match. Go from concept to creation in two clicks!

Most Popular Articles

Check out what the hot topics are!

See all

Every shirt tells a story—and every story

#ClothingForACause