Charlene Hunter, founder of Coding Black Females, established the non-profit in 2017 to create a supportive community for Black women in technology, addressing a gap she identified during her own career. The organisation has since expanded to offer online courses, boot camps, mentoring and events, fostering collaboration and skill development while highlighting the unique opportunities in tech, such as global project participation and the universal nature of coding. Hunter discusses the integration of AI in training, emphasising its role as a tool to enhance learning rather than replace human expertise and stresses the importance of adaptability in a rapidly evolving industry. The initiative has had a transformative impact on participants, empowering them to advance their careers, improve their lives and inspire others, with many forming their own communities and initiatives. Employers and organisations engaging with the charity benefit from access to skilled talent and enhanced employee retention through volunteer opportunities that build confidence and professional growth.
A North Korean threat group, known as Lazarus, has been linked to recent cyberattacks involving Medusa ransomware, targeting organisations in the Middle East and a US healthcare entity. The attacks, attributed to Lazarus, utilised a range of malware including the Comebacker backdoor, Blindingcan remote access Trojan and Infohook information stealer, reflecting the group's long-standing involvement in financially motivated cybercrime. While Medusa initially operated as a closed ransomware group, it has since expanded to a ransomware-as-a-service model, targeting critical infrastructure sectors. The threat hunters noted that although the attacks exhibited tactics associated with a Lazarus subgroup called Stonefly, other malware used was previously linked to a different unit, Diamond Sleet, indicating potential collaboration or overlap within the group's structure. Security experts highlighted the use of the bring-your-own-vulnerable-driver technique by Medusa, urging organisations to bolster defences by blocking known vulnerable drivers and monitoring for privilege escalation attempts. The report also provided indicators of compromise, including malicious file signatures and network activity, to aid in detection and mitigation efforts.
The latest version of Visual Studio Code has been released, bringing with it a range of new features and improvements. One notable addition is the ability to detect whether VS Code is running in portable mode, allowing extensions to adjust their behaviour accordingly. Another significant change is the redesign of the installation layout on Windows, which addresses long-standing reliability issues related to in-app updates. The new implementation takes inspiration from Chromium's update client and uses versioned package paths. The Copilot extension has been deprecated, with all AI functionality now served by the GitHub Copilot Chat extension. When updating VS Code, the deprecated Copilot extension will be automatically uninstalled, while the Copilot Chat extension remains installed and provides the complete Copilot experience. In terms of bug fixes, several issues have been addressed, including a problem with hover not triggering immediately when pressing a modifier key, as well as a memory leak in folder configuration. Extensions such as vscode-copilot-chat, vscode-explorer-command and vscode-js-debug have also received updates, with contributions from various developers. These updates include improvements to the Copilot Chat extension, fixes for issues related to shell startup and enhancements to the Python environment tools. Overall, this release brings a range of new features and improvements to VS Code.
A new version of Positron has been released, featuring several key updates and improvements. A reimagined notebook editor is now available for alpha testing, providing a batteries-included environment for data science workflows with integrated panes for inspecting variables and exploring dataframes. The Connections Pane has also been expanded to support connections to databases such as SQL Server, Databricks, Snowflake and BigQuery, each with multiple authentication methods. Additionally, R users can now set breakpoints in Positron, allowing them to step through their code interactively. Other updates include improved debugging tools, enhanced database connection management and various bug fixes.
The January 2026 release of Visual Studio Code focuses on transforming the editor into a comprehensive environment for multi-agent development workflows. The update introduces substantial improvements to chat experiences through faster streaming, enhanced reasoning displays and a redesigned inline chat interface that minimises visual disruption. Users can now manage agent sessions more effectively across local, background and cloud environments through a unified view that allows parallel task delegation and seamless switching between different agent types. Customisation capabilities have expanded considerably, enabling developers to build reusable workflows through agent orchestrations, maintain consistency with organisation-wide instructions and create specialised Agent Skills that package domain expertise for specific tasks. The release adds Claude agent support that integrates Anthropic's agent SDK directly, whilst MCP Apps now enable rich interactive visualisations within chat responses.
Performance optimisations include Copilot Memory for retaining important context across sessions, external indexing for faster code search in non-GitHub workspaces and improved context management through interleaved thinking tokens. Security enhancements introduce experimental terminal sandboxing that restricts file system and network access for agent-executed commands, alongside refined auto-approval rules for safe operations. The integrated browser feature allows developers to preview and test applications without leaving the editor, complete with authentication support and developer tools. Terminal improvements include better command output streaming, interactive input handling and quality-of-life refinements such as customisable sticky scroll behaviour. Numerous editor enhancements make daily coding smoother, including improved bracket matching colours, content selection through double-clicking and better snippet management with file pattern controls. Extensions gain new capabilities through finalised APIs for quick input buttons and proposed APIs for chat model provider configuration, enabling richer experiences across the ecosystem.
Python's built-in input function captures keyboard data from users by displaying a prompt message and pausing programme execution until the user types a response and presses Enter, returning the entered data as a string regardless of what was typed. The function accepts an optional prompt parameter that appears on-screen before input collection begins, making it possible to create interactive programmes that respond dynamically to user-provided information such as names, preferences or configuration settings.
Since input always returns strings, developers must explicitly convert responses to other types like integers or floats using conversion functions when numerical values are needed for calculations, wrapping these conversions in try-except blocks to handle ValueError exceptions that occur when users enter incompatible data types. Multiple entries can be collected by combining input with loops and data structures like lists or sets, allowing programmes to gather comma-separated values or repeatedly prompt users until sufficient responses are collected, with string methods like split and strip processing the raw input into usable formats.
For sensitive information such as passwords or API keys, the standard library's getpass module provides an alternative that prevents typed characters from appearing on-screen during entry, whilst third-party libraries like PyInputPlus extend input functionality by automatically validating responses against specified constraints like minimum and maximum values, re-prompting users when invalid data are entered without requiring manual error-handling code.
Letting AI agents generate and run code raises a basic safety problem, since executing untrusted code on live servers can expose secrets, waste resources or damage systems, so dedicated sandboxes have become an important way to isolate build, test and debugging work before producing changes for human review. Five platforms are outlined: Modal provides serverless CPU and GPU execution with short-lived container sandboxes managed in code, Blaxel offers agent oriented micro VMs that can pause at low cost and resume quickly, Daytona focuses on very fast creation of stateful isolated runtimes with options for stronger container isolation, E2B supplies controlled interpreter style environments for Python and JavaScript via SDKs with an open-source base and Together Code Sandbox delivers configurable micro VM environments with snapshot creation, rapid start up and scaling aimed at larger AI coding products. Choice depends on whether priorities are Python-centric pipelines, long-lived agent workspaces, interpreter style execution or tight coupling to an existing model and infrastructure stack.
While modern AI tools can generate working Python code rapidly, the longer-term challenge is keeping that code readable, consistent and easy to maintain, since AI tends to optimise for immediate prompt fulfilment rather than sustainable design. A practical approach is to avoid having AI invent the architecture from scratch by first setting up the project structure yourself, implementing a few reference features and establishing clear patterns for dependencies, error handling and data validation. Maintainability can be improved by making strict type hints mandatory and enforcing them with tooling such as mypy, using contract-driven libraries such as Pydantic, FastAPI and typed SQLAlchemy models, and providing a short project guidelines file that spells out required structure, preferred libraries, forbidden patterns and testing expectations. Prompts should point to existing examples, ask for a plan before code is written and require meaningful tests beyond the happy path, then the output should be checked systematically with automated linters, type checks and test runs before it is accepted.
Released on 8th January 2026, the December 2025 update of VSCode focuses on project maintenance while also delivering a broad set of changes across chat, the editor, source control, the terminal, debugging, testing and extension development. It introduces experimental Agent Skills and improves session management and navigation in chat, adjusts restart behaviour to open a fresh chat by default and expands terminal tool controls with clearer auto approval rules, session and workspace allow options and an option to keep tool run commands out of shell history. Accessibility is improved through livestreaming of chat output in the Accessible View, reduced noise from protocol server output and a new window title variable showing the active editor language, while editor and code editing updates include drag and drop profile import, copying breadcrumb paths, more robust symbol search and new snippet case transformations. Git features add configurable blame behaviour and a clearer commit message editor, an experimental worktrees view appears in the repositories explorer, the terminal receives a reworked IntelliSense default interaction plus major performance, rendering and VT sequence upgrades and developers get new Quick Pick API capabilities, experimental TypeScript first extension authoring and assorted fixes.
Security researchers have identified a campaign in which malicious Microsoft Visual Studio Code extensions, presented as a harmless dark theme and an AI coding assistant, were used to deliver information stealing malware aimed at developers. Although the lures differed, both extensions deployed the same payload, using a legitimate screenshot tool bundled with a malicious DLL so that the signed executable appeared trustworthy while loading the attacker’s code via DLL hijacking. The malware was reported to capture screenshots and exfiltrate sensitive data such as credentials, Wi-Fi passwords, clipboard contents and browser sessions, reflecting a wider pattern of attackers targeting developers and the software supply chain through widely used repositories and development platforms. The extensions were removed from the marketplace after discovery, with researchers assessing the operation as uneven in polish but effective in the techniques that matter.