In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world embraced a two-part defense strategy. The widely adopted playbook called for disabling lifecycle scripts and using lockfiles. “It became the standard advice everywhere […]
Malicious VS Code Extensions Take Screenshots, Steal Info
Developers were the targets of two new malicious Microsoft Visual Studio Code (VS Code) extensions created by a threat actor that security researchers believe is experimenting with methods for delivering information-stealing malware to the victims’ systems. The malicious extensions come posing as a harmless “premium dark theme” and an AI-powered coding assistant, but both – […]