InfoWorld

Malicious npm packages contain Vidar infostealer

Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
CSO Online

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace ...