Malicious AI-made extension with ransomware capabilities sneaks on to Microsoft's official ...

A malicious extension was published on Microsoft ’s official VS Code marketplace, and was able to remain there for some time ...
InfoWorld

Malicious npm packages contain Vidar infostealer

Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.