• WWW.HOUSEBEAUTIFUL.COM
    How 4 Pros Use Spoonflower Wallpaper and Fabrics to Transform Their Designs
    Print-on-demand wallpaper and fabric company Spoonflower has a reputation for eye-catching, colorful, sometimes even kitschy patterns. This is a brand whose "About" page says, "It all began with oversized yellow polka-dot curtains." The company revolutionized the home-decor textile space by providing an online platform where independent artists and creators could sell their custom designs, and homeowners, renovators, and DIYers would be sure to find, among the site's more than a million offerings, a print for any project they could dream up. Especially if they had their heart set on something bold, bright, and funky.
    But unique design resources don't stay under the radar for long. Professional designers are avid fans of Spoonflower as well, and the poppy prints have been joined by more subtle patterns and sophisticated neutral colors, as well as metallic options, that suit a full array of decor styles. Recently, the brand partnered with House Beautiful in the 2024 Whole Home project in Asheville, North Carolina, inviting designers to bring their creativity to bear using Spoonflower designs. Take a look.
    Photo credit: Brie Williams
    The house, nestled in the Blue Ridge Mountains, has a modern-rustic vibe, which Oklahoma City-based designer Kelsey Leigh amplified with unexpected masculine touches in the kitchen. She installed cabinetry painted a deep navy and covered a window wall offering a sweeping view in a Spoonflower plaid wallpaper in browns and tans. The colors may be subdued, but the effect is dramatic. Since turnaround time can be tight on a showcase project like this, Leigh opted for pre-pasted wallpaper, which comes with adhesive already on the back. The paste is activated by water, allowing you to apply the paper directly to the prepared wall. It also comes off easily: just grab a corner and peel to remove. (Spoonflower can print almost any pattern on traditional non-pasted paper, grasscloth, peel-and-stick, and vinyl as well.)
    In the house's media room, California designer Anita Yokota, author of Home Therapy, kept things tranquil with gently undulating Watercolor Stripes in Waves wallpaper in Blue. (The hand-painted pattern also comes in six other pastel-leaning colorways.) Spoonflower has embraced professionals like Yokota with its Trade Program, which lets designers leverage the company's vast library on behalf of clients. It offers professionals exclusive trade discounts and curation services, along with customer-pleasing unlimited swatches and quick lead times.
    The home's recurring palette of brown and navy inspired Heidi Woodman, a designer from Indianapolis who took on the primary bedroom, to choose a burlap-patterned wallpaper (also seen in the image at top) in a warm neutral called Biscuit. Woodman had it printed on grasscloth; the subtle texture integrates nicely with the abundant natural-wood floors and furniture.
    Most of Spoonflower's designs can be digitally printed on fabric as well as wallpaper; you can even have them rendered on cocktail napkins, throw pillows, duvet covers, you name it. Byron Risdon, owner of an interior-design firm in Washington, D.C., outfitted a guest bedroom with a coverlet in solid dark teal to play against boldly floral draperies. Touches of white, as in the black-and-white windowpane bedding, act as brief visual breaks amid the room's saturated color scheme. Risdon chose performance linen, a synthetic fabric with the organic, woven look of linen, to keep the bedding high-style but low-maintenance. Spoonflower also offers velvet, chiffon, jersey, denim, and sateen; in fact, there are some 30 fabric types to choose from, so the pattern you love can be made to suit whatever room and use you intend it for.
    Because that's Spoonflower's superpower: providing a single destination where you can execute every facet of your design vision.
  • THENEXTWEB.COM
    German startup behind electric microliner lands €14M cash runway
    Munich-based startup Vaeridion has secured €14mn to develop an electric aircraft that it hopes will whisk passengers on short-haul routes around Europe by 2030.
    "The microliner looks like a regular plane and it takes off from a runway; the only difference is that it will be powered by batteries," Vaeridion's co-founder and CEO, Ivor van Dartel, told TNW in an interview last month. "For operators and passengers, the experience will be essentially the same."
    Berlin-based climate tech VC World Fund led the Series A investment, with participation from Project A Ventures, Vsquared Ventures, Schwarz Holding, InnovationQuarter, and angel investor Andreas Kupke.
    "Our new funding will significantly accelerate development efforts, paving the way for certification-conforming prototype flights to take off in 2027, followed by a first commercial flight by 2030," said Van Dartel.
    The news comes just a month after Vaeridion became the first general aviation manufacturer to secure a pre-application contract (PAC) with the European Union Aviation Safety Agency (EASA), in a big step towards commercial flight.
    Vaeridion's head of engineering, Markus Kochs Kämper, called it a huge milestone in the development of its microliner. "This initiative allows us to de-risk our core technology and the path to certifying our electric aircraft prior to submitting a type certificate application," he told TNW at the time.
    Van Dartel and Sebastian Seemann, both former Airbus and ZF engineers, co-founded Vaeridion in 2021. Their vision was to build an electric plane to replace jet-fueled aircraft on regional flights.
    Preliminary tests put the range of the microliner at about 500km, said the company. In 2022, almost a third of flights in the EU covered this distance or less, according to Eurocontrol.
    Vaeridion's design is similar to existing regional aircraft, which could reduce development and manufacturing costs compared to more experimental electric vertical takeoff and landing (eVTOL) models that often require intricate propulsion systems and vertical lift capabilities.
    The company has already signed up its first customers: Dutch private jet operator ASL Group, German business airline Aero-Dienst, and Danish companies Copenhagen AirTaxi and Copenhagen Helicopter. Aero-Dienst and Vaeridion are also working together on the potential roll-out of an electric plane ambulance service for Germany's ADAC, Europe's largest automobile association.
    "Our partnerships and market-focused strategy reflect our commitment to not only decarbonising short-haul flights across Europe but also to setting a new standard for sustainable and energy-efficient aviation at a competitive price point," said Van Dartel.
    Vaeridion estimates that a trip in the microliner will cost between €150 and €300. The aircraft will initially serve business passengers before expanding into consumer travel, the company said.
    Story by Siôn Geschwindt. Siôn is a climate and energy reporter at TNW. From nuclear fusion to escooters, he covers the length and breadth of Europe's clean tech ecosystem. He's happiest sourcing a scoop, investigating the impact of emerging technologies, and even putting them to the test. Siôn has five years' journalism experience and holds a dual degree in media and environmental science from the University of Cape Town, South Africa.
  • THENEXTWEB.COM
    Hostaway secures $365M to cash in on short-term rental boom
    Short-term rental platforms like Airbnb have transformed travel. They've made it easier for tourists to access personalised, private accommodations and for property owners to monetise their spaces.
    With global tourism now on track for a full recovery post-COVID, Hostaway has secured a cool $365mn at a $925mn valuation as it looks to cash in on the boom in short-term rentals.
    Hostaway is a property management system (PMS) and software marketplace for the short-term rental industry. It will use the cash to enhance its dynamic pricing tools, further integrate AI, and expand its presence in new markets, focusing on France, Italy, and Spain.
    "Expanding into different geographies and investing in innovative AI applications is something we've been hyper-focused on for over a year now," said co-founder and CEO Marcus Räder in a blog post. "With this new strategic investment, we'll be doubling down on these efforts and much more."
    The company said it was the first PMS to integrate ChatGPT into its platform. Going forward, it plans to add or improve upon AI-powered personalised messaging, content creation, and language translation.
    Räder co-founded Hostaway in Finland in 2015, alongside Mikko Nurminen (CFO) and Saber Kordestanchi (COO), at a time when companies like Airbnb were really starting to disrupt a travel industry dominated by hotel chains and guest lodges.
    The founders saw that while short-term rental platforms were easy for customers to use, managing stuff like bookings, pricing, and communication was a bit of a headache for property owners. They launched Hostaway to help property managers automate and manage short-term stays across multiple platforms like Airbnb, Booking.com, and Vrbo.
    The idea is that by automating tasks and putting the data on a single platform, Hostaway can save property managers time on admin, freeing them up to focus on customer service, critical in a review-based industry. The platform also recently adopted dynamic pricing tools to optimise rates, potentially increasing revenue.
    "Hostaway has emerged as a category leader with a differentiated product addressing the distinct needs of short-term rental property managers, a dynamic and growing industry," said Raph Osnoss, managing director at General Atlantic, a New York-based growth equity firm that led the funding round.
    Hostaway also raised $170mn last year in its first big funding round. The company claims its platform is used by customers in over 90 countries. While Hostaway is officially based in Toronto, Canada, it employs a fully remote workforce of over 230 employees across 44 countries.
    Hostaway is one of a cohort of tech startups raising big money to make things easier for the hospitality industry. One of them is UK-based Lighthouse, which raised $370mn in November to expand its data intelligence platform for hotels. Another is Amsterdam-based Mews, which raised $110mn in March at a valuation of over $1.2bn, becoming the first Dutch unicorn of the year. Then in September, it bagged another $100mn to further develop and expand its PMS software.
    Story by Siôn Geschwindt.
  • 9TO5MAC.COM
    iPhone 16 is surprisingly the best small phone of 2024 according to MKBHD
    Every year, MKBHD holds its Smartphone Awards, choosing the best smartphones in different categories. For 2024, the YouTuber chose phones for 10 categories, and surprisingly, iPhone 16 won an unexpected one: this year's Best Small Phone.
    As noted by MKBHD, the definition of a small phone has changed a lot in recent years, as many companies have abandoned smaller phone sizes, including Apple. The mini-sized iPhone gave way to the iPhone 14 Plus in 2022 and never came back. Even so, the YouTuber chose the iPhone 16 as the Best Small Phone of 2024.
    Although it has a 6.1-inch display, its size is considered relatively small by today's standards. Marques praises how Apple has improved this year's base model with a lot of features from the Pro lineup while keeping the phone somewhat small and super light. It's the ideal phone for people who want a powerful phone without a huge screen.
    More from MKBHD Smartphone Awards 2024
    When it comes to the camera, the iPhone 16 Pro won in the Best Camera category. Even though the YouTuber says that there are phones with much more advanced sensors, such as the Vivo X200 Pro, he believes that the iPhone still stands out for the whole package, especially for professional video recording.
    Still, Marques chose Samsung's Galaxy S24 Ultra as the Phone of the Year. According to him, the S24 Ultra may seem boring because it doesn't have anything super exciting (like a foldable design), but it does have a great screen, a great battery, great cameras and more. The YouTuber praised the new anti-reflective coating and said that the S24 Ultra was the phone he used the most during the year.
    Here's the full list:
    - Best Big Phone: Samsung Galaxy S24 Ultra
    - Best Small Phone: iPhone 16
    - Best Camera: iPhone 16 Pro
    - Best Value: Nothing Phone 2a
    - Best Battery: Red Magic 10 Pro
    - Best Design: Huawei Mate XT
    - Best Foldable: Google Pixel 9 Pro Fold
    - Most Improved: Google Pixel 9 Pro Fold
    - Bust of the Year: Asus Zenfone 11 Ultra
    - Phone of the Year: Samsung Galaxy S24 Ultra
    Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. You're reading 9to5Mac: experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don't know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel.
  • 9TO5MAC.COM
    Apple stops signing iOS 18.1.1, blocking downgrade from 18.2
    Apple on Thursday stopped signing iOS 18.1.1, preventing users from downgrading to this version of the operating system if their iPhone or iPad is already running a newer version. The move comes a week after the release of iOS 18.2, which introduced significant new features and improvements.
    Apple blocks downgrade from iOS 18.2 to iOS 18.1.1
    With iOS 18.1.1 no longer being signed, iPhone and iPad users can no longer revert to this version of the operating system. iOS 18.1.1 was released on November 19 and brought some important security patches. iOS 18.2 was released on December 11 and introduced many new features, including Image Playground, Genmoji, ChatGPT integration with Siri, Camera Control enhancements, and Mail Categorization. Of course, the update also includes multiple security patches, including one that prevents malicious apps from accessing private information.
    Apple's decision to stop signing iOS 18.1.1 aligns with its commitment to user security. By encouraging users to update to the latest version, Apple aims to protect devices from potential vulnerabilities.
    The inability to downgrade affects the jailbreaking community, as reverting to older iOS builds is often utilized for this purpose. While some users may be frustrated by the inability to downgrade, Apple's policy of stopping the signing of older iOS versions is a long-standing practice aimed at maintaining the security of its ecosystem.
    Users are strongly advised to update their devices to iOS 18.2 to ensure they have the most recent security patches and feature improvements. This can be done through the Settings app under General > Software Update.
    It's worth noting that Apple still lets users running iOS 17 on their devices keep receiving security patches without having to upgrade to iOS 18. However, once you upgrade to iOS 18, it's no longer possible to downgrade to iOS 17 either. If you're running iOS 18.3 beta, you can only downgrade to iOS 18.2.
  • 9TO5MAC.COM
    ChatGPT for macOS now works with Apple Notes and more third-party apps
    OpenAI last month announced a major update to the macOS ChatGPT app, which gained the ability to read on-screen content in certain apps. The company is now rolling out an update that expands support for Apple Notes and even more third-party apps.
    What's new in ChatGPT for macOS
    According to OpenAI, the latest update of ChatGPT for macOS enables support for even more third-party apps. For instance, it can now read content from Apple Notes, Notion, and Quip. In addition, the list of supported apps now includes BBEdit, Android Studio, AppCode, and many more. Here's the full list of new apps supported by ChatGPT on Mac:
    - New IDEs: BBEdit, MatLab, Nova, Script Editor, and TextMate
    - VS Code forks: VSCode Insiders, VSCodium, Cursor, and WindSurf
    - JetBrains IDEs: Android Studio, AppCode, CLion, DataGrip, GoLand, IntelliJ IDEA, PHPStorm, PyCharm, RubyMine, RustRover, and WebStorm
    - Terminal apps: Prompt and Warp
    - Productivity apps: Apple Notes, Notion, and Quip
    When the feature was introduced, it only worked with iTerm 2, Terminal, TextEdit, VS Code, and Apple's Xcode. As an example, users can ask ChatGPT to read code from an Xcode project and ask for suggestions on how to improve it without having to manually copy and paste the code into the ChatGPT app. It can even read content from more than one app at the same time, which is very useful for working with developer tools.
    For privacy reasons, users can control at any time when and which apps ChatGPT can read. "You have the same controls over how this data is stored or processed as you normally would over anything else in your conversation history," says OpenAI.
    Integration with third-party apps is only available to ChatGPT Plus, Pro, Team, Enterprise, and Edu subscribers. There's no word on when (or if) the feature will become available to free ChatGPT users.
    You can download the ChatGPT app for macOS from OpenAI's website. It's available for free, while ChatGPT Plus subscribers can sign in and access their full account. It's worth noting that macOS 15.2, which was recently released to the public, lets users interact with ChatGPT directly from Siri.
  • FUTURISM.COM
    "Lock Her Up": Trump's Team Is Now Doing the Exact Thing They Screamed About Hillary Clinton Doing
    But her emails!
    Private E
    Remember when Donald Trump called for his opponent Hillary Clinton to be "locked up" for using a private email server to conduct government business? As it turns out, he doesn't seem to be applying the same standard to his own White House.
    As Politico reports, officials trying to coordinate with the Trump transition team are raising red flags over their use of private servers and non-government devices, especially after both China and Iran tried to hack Trump and his running mate JD Vance ahead of the election.
    According to Michael Daniel, a former White House cybersecurity coordinator during the second Obama administration who now runs his own security nonprofit, those concerns remain salient.
    "I can assure you that the transition teams are targets for foreign intelligence collection," Daniel told Politico. "There are a lot of countries out there that want to know: What are the policy plans for the incoming administration?"
    Trump's team has, according to the report, conducted an entirely privatized transition. Instead of working with any .gov emails or servers, the transition is instead sending emails associated with the transition47.com, trumpvancetransition.com, and djtfp24.com websites. The Trump transition is also using its own cybersecurity support, Politico notes.
    All this, it's worth noting, is exactly what sank Clinton's campaign in 2016 and put Trump in the White House instead.
    Ample Attestation
    Officials with the outgoing Biden administration have, according to two insiders who spoke to the website, advised their people that they can choose to meet for in-person document exchanges and meetings that could otherwise have been done electronically.
    A White House spokesperson told Politico that federal agencies have been reminded that they can choose to "only offer in-person briefings and reading rooms in agency spaces" if they're concerned about security, and that they can require officials with the Trump transition to "attest" their security is up to government snuff.
    "Because they don't have official emails, people are really wary to share things," a State Department official told Politico on condition of anonymity. "I'm not going to send sensitive personnel information to some server that lives at Mar-a-Lago while there are so many fears of doxxing and hacking."
    "They have to physically come and look at the documents on campus," the official continued, "especially for anything with national security implications."
    A spokesperson for the Trump transition, meanwhile, confirmed that the team is conducting all its business on a "transition-managed email server" and insisted that it's using "security and information protections," without specifying what they were.
    According to that spox, using private servers eliminates the need for "additional government and bureaucratic oversight," a far cry from the "lock her up" battle cry of yore.
  • FUTURISM.COM
    Trump Seems Awfully Touchy About the Impression That He's Taking Orders From Elon Musk
    Who's really in control? The President of the United States or his most outspoken financial backer?
    Now that multi-hyphenate billionaire Elon Musk's deep pockets got Donald Trump reelected, some tough questions have emerged for the incoming administration.
    Trump isn't laughing as Musk continues taking matters into his own hands, often giving the impression that the SpaceX CEO, rather than his septuagenarian pal, is really in charge of the upcoming White House.
    Trump spokesperson Karoline Leavitt seemed very touchy today about the suggestion that it's Musk calling the shots.
    "As soon as President Trump released his official stance on [efforts to avoid a government shutdown], Republicans on Capitol Hill echoed his point of view," she said. "President Trump is the leader of the Republican Party. Full stop."
    Trump has previously issued a jokesy warning to Musk not to undermine his authority too much. But the situation gained new momentum this week when Musk took to X, in a barrage of over 100 posts, to pressure lawmakers to kill a bipartisan spending bill that would avoid an imminent government shutdown.
    Though he's been put in charge of a so-called Department of Government Efficiency (which will operate from outside the government and play only an advisory role) to slash the federal budget, Musk isn't an elected politician.
    Yet to Democrats and Republicans alike, his repeated calls to torpedo the bill (efforts which have appeared to pay off) made it feel like he was setting the agenda, instead of Trump himself.
    "President-elect Musk is really setting down the marker of how he wants to run his administration," former GOP representative Adam Kinzinger joked. "VP Trump better pay attention."
    Kinzinger's comments, and many others like it, have clearly struck a nerve, as evidenced by Leavitt's statement.
    Unsurprisingly, the torpedoing of the bill had plenty of lawmakers equally furious.
    "Democrats and Republicans spent months negotiating a bipartisan agreement to fund our government," said senator Bernie Sanders in a statement. "The richest man on Earth, President Elon Musk, doesn't like it. Will Republicans kiss the ring?"
    Nobody really knows how this situation will pan out. Is Trump a "shadow president," operating in the pocket of the world's richest man? What other kinds of change could a furious Musk bring to the US government?
    This isn't just a pointless kerfuffle amongst some extremely influential people: Musk's growing influence could have potentially incredibly harmful and destabilizing effects on how the US government is run, affecting the entire country and world.
    Meanwhile, Trump loyalists in Congress are holding the line that Musk and Trump have forged a lasting relationship.
    "DOGE can only truly be accomplished by reigning in Congress to enact real government efficiency," representative Marjorie Taylor Greene tweeted. "The establishment needs to be shattered just like it was yesterday."
  • FUTURISM.COM
    A Quantum Computer Could Crack Bitcoin in Half, Research Finds
    Earlier this month, Google announced a brand-new quantum chip dubbed Willow.
    The 105-qubit chip, which has double the qubit count of the tech giant's preceding Sycamore chip, completed a computation in under five minutes that would take a modern supercomputer a "mind-boggling" 10 septillion years, the company said.
    The news reignited a debate surrounding the security of blockchains, the distributed ledgers that run digital currencies like Bitcoin. Could a future quantum computer break the cryptocurrency's encryption, allowing thieves to abscond with unfathomable sums?
    As Fortune reports, researchers at the University of Kent found in a yet-to-be-peer-reviewed study that the risk is very real. In fact, just the downtime required to update the blockchain to protect itself from an encryption-breaking quantum computer could extend to 76 days, and the resulting losses would likely be staggering.
    "Bringing your technology down... can be very, very costly, even if it's on for a few minutes or a few hours," coauthor and senior lecturer at the University of Kent Carlos Perez-Delgado told Fortune.
    "If I had a large quantum computer right now, I could essentially take over all the Bitcoin," he added. "By tomorrow, I could be reading everybody's email and getting into everybody's computer accounts, and that's just the fact."
    But exactly how imminent this threat is remains highly debatable. In an update last week, AllianceBernstein analysts argued that Bitcoin contributors should "start preparing for the quantum future."
    However, "any practical threat to Bitcoin seems decades away," the analysts wrote.
    Researchers have similarly argued that it would take quantum computers with millions of qubits to break Bitcoin encryption in a single day.
    Analysts have also found that the SHA-256 hash function, which serves as the security measure protecting Bitcoin miners today, could eventually be cracked, albeit with quantum hardware that hasn't even been dreamed up yet.
    On a broader scale, apart from cracking cryptocurrencies, Google's latest quantum chip also falls woefully short of doing anything actually useful as of right now.
    "The particular calculation in question is to produce a random distribution," German physicist and science communicator Sabine Hossenfelder tweeted in response to Google's recent announcement. "The result of this calculation has no practical use."
    In short, while many agree that quantum computers could pose a growing threat to the cryptography behind Bitcoin, the cryptocurrency community could still have plenty of time to implement changes to protect the blockchain.
    Which is easier said than done. As Fortune points out, Bitcoin's decentralized nature could make pushing an encryption update an immense task.
    But that doesn't mean the cryptocurrency shouldn't do it. In an October blog post, Vitalik Buterin, the cofounder of the prominent cryptocurrency Ethereum, argued that advancing quantum computing tech could have "consequences across the entire Ethereum roadmap."
    "The indisputable fact that nobody can argue is that when we do get there," Perez-Delgado told Fortune, "our current securities, the cybersecurity systems, which includes everything from Bitcoin to email, will be in great danger."
  • THEHACKERNEWS.COM
    Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
    Dec 19, 2024 | Ravie Lakshmanan | Supply Chain / Software Security
    Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
    The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.
    "While typosquatting attacks are hardly new, the effort spent by nefarious actors on these two libraries to pass them off as legitimate is noteworthy," Sonatype's Ax Sharma said in an analysis published Wednesday.
    "Furthermore, the high download counts for packages like "types-node" are signs that point to both some developers possibly falling for these typosquats, and threat actors artificially inflating these counts to boost the trustworthiness of their malicious components."
    The npm listing for @typescript_eslinter/eslint, Sonatype's analysis revealed, points to a phony GitHub repository that was set up by an account named "typescript-eslinter," which was created on November 29, 2024. Present with this package is a file named "prettier.bat."
    Another package linked to the same npm/GitHub account is named @typescript_eslinter/prettier. It impersonates a well-known code formatter tool of the same name, but, in reality, is configured to install the fake @typescript_eslinter/eslint library.
    The malicious library contains code to drop "prettier.bat" into a temporary directory and add it to the Windows Startup folder so that it's automatically run every time the machine is rebooted.
    "Far from being a 'batch' file though, the "prettier.bat" file is actually a Windows executable (.exe) that has previously been flagged as a trojan and dropper on VirusTotal," Sharma said.
    On the other hand, the second package, types-node, incorporates code to reach out to a Pastebin URL and fetch scripts that are responsible for running a malicious executable that's deceptively named "npm.exe."
    "The case highlights a pressing need for improved supply chain security measures and greater vigilance in monitoring third-party software registry developers," Sharma said.
    The development comes as ReversingLabs identified several malicious extensions that were initially detected in the Visual Studio Code (VSCode) Marketplace in October 2024, a month after which one additional package emerged in the npm registry. The package attracted a total of 399 downloads.
    The list of rogue VSCode extensions, now removed from the store, is below:
    - EVM.Blockchain-Toolkit
    - VoiceMod.VoiceMod
    - ZoomVideoCommunications.Zoom
    - ZoomINC.Zoom-Workplace
    - Ethereum.SoliditySupport
    - ZoomWorkspace.Zoom
    - ethereumorg.Solidity-Language-for-Ethereum
    - VitalikButerin.Solidity-Ethereum
    - SolidityFoundation.Solidity-Ethereum
    - EthereumFoundation.Solidity-Language-for-Ethereum
    - SOLIDITY.Solidity-Language
    - GavinWood.SolidityLang
    - EthereumFoundation.Solidity-for-Ethereum-Language
    "The campaign started with targeting of the crypto community, but by the end of October, extensions published were mostly impersonating the Zoom application," ReversingLabs researcher Lucija Valentić said. "And each malicious extension published was more sophisticated than the last."
    All the extensions as well as the npm package have been found to include obfuscated JavaScript code, acting as a downloader for a second-stage payload from a remote server. The exact nature of the payload is currently not known.
    The findings once again emphasize the need to exercise caution when downloading tools and libraries from open-source systems and to avoid introducing malicious code as a dependency in a larger project.
    "The possibility of installing plugins and extending functionality of IDEs makes them very attractive targets for malicious actors," Valentić said. "VSCode extensions are often overlooked as a security risk when installing in an IDE, but the compromise of an IDE can be a landing point for further compromise of the development cycle in the enterprise."