CSOonline

Hacker inserts destructive code in Amazon Q tool as update goes live

A hacker managed to insert destructive system commands into Amazon’s Visual Studio Code extension used for accessing its AI-powered coding assistant, Q, which was later distributed to users through an ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading. A month after a self-propagating ...