#vs code eklenti saldırısı

2 NEWS

Ars Technica

TeamPCP’s rising campaign: how malicious VSCode plugins breach GitHub repos

A hacker group is weaponizing infected VSCode extensions to infiltrate thousands of GitHub repositories, exposing the fragility of trusted development pipelines. The scale and frequency of these attacks demand urgent shifts in open source security practices.

May 22, 2026

VentureBeat

How attackers exploited npm’s trusted publishing system with fake certificates

Attackers bypassed npm’s last line of trust by abusing Sigstore provenance verification, turning valid certificates into weapons. Learn how stolen credentials and CI/CD flaws enabled a rapid supply-chain attack.

May 23, 2026