作为桌面上的 Electron 应用程序，在 VSCode 内部执行任意 JavaScript 无异于完全的远程代码执行。这就是 VSCode 实施一些沙盒化方法的原因，我们将重点讨论的是 VSCode 的 Webview。

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Lazarus Group has deployed RemotePE, a fully memory-resident trojan that is extremely hard for traditional antivirus and forensic tools to detect.

According to Windows Latest, Microsoft is stepping up efforts to promote AI-powered Electron apps on Windows 11, positioning the operating system as a platform built for AI experiences. The company is ...

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder’s research team built a new secrets detection method and scanned 5 ...

After macOS Tahoe launched, some intrepid developers noticed that Electron apps could cause the Mac’s rendering system to be overloaded due to an incompatibility with the way Electron apps were ...

这是一个现代化的Electron桌面应用开发模板，集成了Vue3、TypeScript、Vite等前沿技术栈 ...

An Electron bug that clashed with macOS 26 Tahoe's graphics engine caused apps like Slack, Discord, and VS Code to slow down Macs, but new updates finally fix the issue. After macOS 26 Tahoe launched ...

Bottom line: Microsoft is making a significant effort to turn its official app store into a profitable or even enticing service for programmers and software entrepreneurs. Bringing apps to the store ...