Developer Targeting

Microsoft Removes 19 Malicious VS Code Extensions After Supply-Chain Campaign Exposed

Researchers say attackers hid payloads by tampering with trusted npm packages embedded in extensions’ bundled dependencies.