Weekend RoundUp: Malicious VS Code Extensions Target Developers

Hey there,

Happy Friday🥳!

Before you wrap the week, here’s a quick drop of things worth checking out.

📰Top Picks:

Google Adds Second AI Model to Chrome for Safety
Google is introducing a second Gemini-based model in Chrome to monitor its first AI agent, preventing risky actions from malicious content. The new “User Alignment Critic” checks agent decisions and blocks unsafe tasks. Read more.

AWS Introduces Database Savings Plans
AWS launched Database Savings Plans with discounts up to 35 percent across Aurora, DynamoDB, and more, without locking customers to an engine or region. Early reactions say this signals where AWS is heading for future database commitments. Read more.

Coder Introduces AI Development Infrastructure
Coder’s latest release adds centralized AI access, agent level permissions, and a stronger automation engine. Together, they create a secure foundation for hybrid development where both humans and AI agents operate under consistent safeguards. Read more.

Anthropic Acquires Bun to Boost AI Coding Tools
Anthropic has acquired Bun, the high-performance JavaScript toolkit, to speed up Claude Code, keeping it open source. The move follows Claude Code’s $1B annualized revenue run rate. Read more.

Malicious VS Code Extensions Target Developers
Two VS Code extensions posing as a theme and AI tool were found stealing WiFi passwords, clipboard data, and browser sessions. Microsoft removed the extensions after discovery. Read more.

JetBrains Shuts Down Fleet IDE
JetBrains will discontinue its Fleet IDE on December 22, 2025, shifting focus to Air, a new agentic AI development tool built on the Fleet platform. Air guides developers via AI agents and is now in public preview. Read more.

Critical React Flaw Lets Hackers Run Code Remotely
A severe vulnerability in React Server Components and Next.js allows attackers to execute code on affected servers. Companies are strongly urged to patch immediately. Read more.

Linux Foundation Forms Agentic AI Foundation
The Linux Foundation has launched the Agentic AI Foundation to provide neutral oversight for AI agent infrastructure, uniting projects from Anthropic, OpenAI, and Block. The effort aims to ensure transparency and stability as agentic tools expand. Read more.

AWS Resurrects CodeCommit
AWS reopens CodeCommit to new users, with Git LFS coming in 2026. The managed Git service simplifies compliance and integrates with CodePipeline and CodeBuild. Read more.

Microsoft Closes 2025 With Critical Patches
Microsoft released fixes for 56 Windows flaws, including an actively exploited zero-day in Cloud Files minifilter and two command injection vulnerabilities in PowerShell and GitHub Copilot for JetBrains. All users are urged to patch immediately. Read more.

🗓️ Upcoming Events

Mark your calendars!

• DevFest Sri Lanka 2025 (14 December)
  Sri Lanka’s premier developer conference brings together local and international tech experts to share insights on AI, cloud, mobile, and web technologies, with interactive workshops and community sessions. Get your tickets.

• DevFest Kigali 2025 (19–20 December)
  Two days of tech exploration in Kigali featuring talks, workshops, and hackathons on cloud, mobile, AI, and web technologies, designed to connect developers across the region. Get your tickets.

• DevFest Kolkata 2025 (21 December)
  End the year with a one-day developer meetup in Kolkata, covering modern web, cloud, and mobile technologies, interactive coding sessions, and community networking. Get your tickets.

Creating and Enforcing Organization-Wide Policies With Octopus Platform Hub

Octopus Platform Hub lets teams create standard deployment workflows that developers can easily follow. Policies written in Rego run automatically before deployments, making sure security checks and best practices are always applied.

This means teams can move fast without worrying about compliance or operational mistakes. The platform makes it simple to enforce consistency while still giving developers the freedom to work efficiently. Read more.

Opportunities:

• DevOps Engineer at Merge - San Francisco, CA or Remote

• DevOps Engineer at Moody - London, UK

• DevOps Engineer at Zoom - San Jose (CA)

• Azure/AWS DevOps Engineer- Analyst at Deloitte - Hyderabad, India

• Solutions Engineer at Wiz - United Kingdom (Remote)

• DevOps Engineer at ReliaQuest - Salt Lake City, UT

• Software Engineer I- Site Reliability Engineer at Electronic Arts - Hyderabad, India (Hybrid)

• Site Reliability Engineer (SRE) at Baseten - San Francisco Office, Remote, New York

• Mid-Junior DevOps Engineer at HERE - New York, USA

• Site Reliability Engineer - Python, Linux, Kubernetes at Visa - Bengaluru East, India (Hybrid)

• DevOps Engineer at Smarkets - Greater London, UK (Hybrid)

• Software Engineer, Infrastructure at Meta - London, UK

• DevOps Engineer at Pfizer - Chennai, India (Hybrid)