Techzine Europe

Invisible malware spread via VS Code extensions

The leak has now been fixed. According to the Open VSX team, the incident has been fully contained and closed since October ...
CSO Online

Malicious packages in npm evade dependency detection through invisible URL links: Report

Researchers outline how the PhantomRaven campaign exploits hole in npm to enable software supply chain attacks.