developer security
3 posts
Article
GitHub-distributed VSCode extension executed unsanctioned code
A board-level brief on the compromised VSCode extension distributed through GitHub: what it exposed, what control did not function, and what must be true.
Article
Malicious VSCode extension shipped through official Marketplace
Technical analysis of a compromised VSCode extension reaching GitHub credentials: extension host privileges, MITRE ATT&CK mapping, telemetry gaps.
Article
The extension on your dock just shipped malware
A compromised VSCode extension reached GitHub. Breakdown of the trust boundary that failed and what developer endpoints actually expose.