State actors turn VS Code and repositories into malware delivery channels

Colleagues, a warning: cybersecurity teams have uncovered phishing campaigns that use GitHub and VS Code as malware delivery channels.
According to Proofpoint and Yeeth, attackers send fake job offers/tasks and ask targets to clone repositories and open them in VS Code/Cursor. They leverage runOn: folderOpen, malicious VSIX extensions, platform loaders for macOS, Linux and Windows, plus malicious npm packages and tasks.json/Git hooks.
Nearly 100 organizations—mostly in the US—were affected; the objective is theft of crypto wallets and credentials.
Why it matters: developer tools are now a vector for mass data loss and financial harm.
What measures do you prioritize to protect developers?
#cybersecurity #supplychain #devsecops #development
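
One check a developer can run before opening a freshly cloned repository in the editor, as an added example that is not part of the original post or the vendors' research: it parses .vscode/tasks.json and lists every task configured with runOn: folderOpen. The function names and the sample file contents are constructed for illustration.

```python
import json
import sys

# Constructed sample (not from a real campaign); tasks.json allows comments and trailing commas.
SAMPLE = '''{
  "tasks": [  // build helpers
    {"label": "build", "command": "npm run build"},
    {"label": "setup", "command": "node prep.js // init",
     "runOptions": {"runOn": "folderOpen"},},
  ],
}'''

def strip_jsonc(text):
    """Drop // and /* */ comments and trailing commas outside string literals."""
    out, i, in_str = [], 0, False
    while i < len(text):
        c = text[i]
        if in_str:
            step = 2 if c == "\\" else 1  # copy an escape pair whole
            out.append(text[i:i + step])
            in_str = c != '"'
        elif text.startswith("//", i):
            end = text.find("\n", i)
            step = (len(text) if end < 0 else end) - i
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            step = (len(text) if end < 0 else end + 2) - i
        else:
            step = 1
            if c in "}]":  # drop a trailing comma before the closer
                while out and out[-1].isspace():
                    out.pop()
                if out and out[-1] == ",":
                    out.pop()
            in_str = c == '"'
            out.append(c)
        i += step
    return "".join(out)

def folder_open_tasks(text):
    """Return (label, command) for each task that runs when the folder is opened."""
    tasks = json.loads(strip_jsonc(text)).get("tasks", [])
    return [(t.get("label", ""), t.get("command", "")) for t in tasks
            if isinstance(t.get("runOptions"), dict)
            and t["runOptions"].get("runOn") == "folderOpen"]

if __name__ == "__main__":
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    print(folder_open_tasks(src))
```

Pass the path to the clone's .vscode/tasks.json as the only argument; a non-empty result is a reason to read the listed command before opening the folder. Git hooks, VSIX files and npm packages named in the post need their own review.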

