A new playground: Malicious campaigns proliferate from VSCode to npm
To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.
Malicious VSCode extensions with more than 45K downloads steal PII and enable backdoors - Check Point Blog
Highlights: CloudGuard Spectrals detected malicious extensions on the VSCode marketplace Users installing these extensions were enabling attackers to