Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.
Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS, crypto, and developer ...