Open Source Code Poisoned at Scale

San Francisco — Hackers poisoned VS Code extensions, reaching millions via auto-update. A group is poisoning open-source packages at unprecedented scale; VS Code's no-cooldown update pipeline delivers

Ars Technica